Keyring Secret Store
The keyring
store enables Spice to access secrets from the secure/credential store of the host operating system:
- Linux: The secret-service and kernel keyutils.
- macOS: The keychain.
- Windows: The Credential Manager.
The Keyring Store will read entries for names formatted as spice_secret_<secret-name>
and where the entry account or user is set to spiced
.
Note: For compatibility with Spice secret objects, secret values are required to be stored as JSON strings, as the keyring store only supports string values.
Example​
For setting spiceai
api key secret using macOS keychain, create new keychain entry, with following JSON string value
"{ key: "<your spice.ai app api key>" }"
Then set store
field of the secrets
section in the Spicepod manifest:
secrets:
store: keyring