Skip to main content

Keyring Secret Store

The keyring store enables Spice to access secrets from the secure/credential store of the host operating system:

  • Linux: The secret-service and kernel keyutils.
  • macOS: The keychain.
  • Windows: The Credential Manager.

The Keyring Store will read entries where the entry account or user is set to spiced.

Example​

To set the spiceai API Key secret using macOS keychain, create a new keychain entry, and set the value with the API Key.

"<your spice.ai app api key>"

The keyring store is configured in the Spicepod manifest:

secrets:
  - from: keyring
    name: keyring

And the secret can be referenced in parameters:

datasets:
  - from: spice.ai:eth.recent_blocks
    name: blocks
    params:
      spiceai_api_key: ${keyring:spiceai_api_key} # ${secrets:spiceai_api_key} can also be used