User Guides

Secrets

LaunchFlow uses secrets to allow you to easily reference sensitive information such as API keys, passwords, and private keys in your code with out exposing them in your codebase. To do this you can use launchflow.gcp.SecretManagerSecret for GCP or launchflow.aws.SecretsManagerSecret for AWS to reference your secrets.

Using GCP LaunchFlow will store your secrets in GCP Secret Manager. To create a secret you can do the following:

1
import launchflow as lf
2
3
api_key = lf.gcp.SecretManagerSecret("api-key")

Then run launchflow create to create the container for your secret. This will create the container for you secret but not set the actually value associated with the secret. To set the value you can use launchflow secrets set command. For example to set the value of the secret:

1
launchflow secrets set api-key <secret-value>

Once you've run this you can access the secret in your code by calling the version method on the secret object.

1
from app.infra import api_key
2
3
api_key.version()

In addition to using the launchflow secrets set method you can also set versions directly in the AWS or GCP console. Or use the add_version method of your secrets resource.

1
from app.infra import api_key
2
3
api_key.add_version("my-api-key")
Previous
Deploy from GitHub