Weekly round-up: Include secrets in deployed models

The word “secret” is derived from Latin, secreto, which literally translates to “don’t store your API keys and AWS access tokens in your source code.” Amazing what insights linguistics offers!

For models that use secrets to access file stores, databases, external APIs, or other resources, you need to store secrets to access these resources. Secrets also pop up often in pre- and post-processing code to store model inputs and outputs. When you use Truss to deploy your model on Baseten, you can add secrets to your model’s config as follows:

secrets:
    my_api_key: null

Then, you can access the secrets in the Truss' model file by passing them into the init function:

def __init__(self, secrets) -> None:
    self._api_key = secrets["my_api_key"]

To set secrets in production, use Baseten’s secret management feature. Get started with secrets by following the documentation to add and reference secrets in your model.

Connect to external Postgres databases with SSL

Baseten supports data connections to external sources. Now, data connections to PostgreSQL tables come with an optional additional layer of security: connecting with SSL. Simply check the SSL option and paste in a client key to connect via SSL. You also have the option to provide a self-signed certificate.

Options for adding an SSL certificate to PostgreSQL data connections

Let us know if you need SSL for another data connection like MySQL and we will expand the functionality based on user requests!

🎃 The pumpkin patch

A handful of small-but-mighty changes to make Baseten more joyful to use:

  • Workspace settings are now organized as full-page tabs rather than a modal

  • The app builder tour is dismissible for those who prefer to explore on their own