Secrets
Secrets store sensitive data — API keys, authentication tokens, model registry credentials — that inference endpoints need at runtime. They're mounted into endpoint pods as environment variables or files, keeping credentials out of your code and configuration.
The secrets list
The list view shows every secret in your workspace. Each row displays:
- Name — the secret's identifier.
- Type — the secret type (e.g.
Opaque,docker-registry). - Keys — the data keys stored in this secret (values are never shown).
- Age — how long the secret has existed.
Creating a secret
Click Create secret to add a new secret. You'll specify:
| Field | Required | What it does |
|---|---|---|
| Name | required | Unique identifier for the secret. |
| Type | required | Secret type. Opaque for generic key-value pairs, docker-registry for container registry credentials. |
| Data | required | Key-value pairs. Values are base64-encoded automatically. |
Using secrets in endpoints
When deploying an endpoint, reference secrets in the Configurations section. Secrets are mounted as environment variables or volumes in the endpoint's pods.
warning
Secret values are never displayed in the UI. If you need to update a secret, delete and recreate it. This is by design — secrets are meant to be opaque.
Next steps
- Deploying an endpoint — how to attach secrets to endpoints
- Presets — pre-configured endpoint defaults