Skip to content

Secrets

Interacting with data securely requires credentials that grant access. Keeping these credentials out of git repositories is essential. Cubonacci allows you to use references to these credentials in your code which will be injected at runtime, this is currently available for the DataLoader class and the Transformer class.

These credentials can be stored inside the Cubonacci platform in the user interface. After you add a secret, the value is stored in the platform using state of the art encryption.

Secrets

Alternatively, Cubonacci can integrate with different existing credentials management systems like HashiCorp Vault or the different managed cloud offerings.

Secret reference

Secrets will be passed to your code as a dictionary. If the method contains an argument called secrets, Cubonacci will pass the relevant credentials as this argument. As an example, assume our DataLoader retrieves training data from a PostgreSQL database. We have saved the user and password as secrets in the project. In the following code snippet, we define our DataLoader so that training data can be retrieved securely.

import pandas as pd
import psycopg2


class DataLoader():
    def load_training_data(self, secrets):
        connection = psycopg2.connect(host="postgresdb",
                                      database="training_data",
                                      user=secrets["user"],
                                      password=secrets["password"])
        data = pd.read_sql("SELECT * FROM TrainingData;", con=connection)
        features = data.drop("target", axis=1)
        target = data["target"]
        return features, target