Using Secrets in Action Stores

Often you'll want to use pre-defined secrets in your action code such as tokens, keys, etc. 
You may predefine these secrets using Kubiya's cli.
You can simply create a secret using the CLI using the following command:
kubiya secret create -n <secret-name> -v <secret-value>
This command will create an encrypted secret in the Kubiya infrastructure, only your organization in Kubiya can access this secret from within the platform 
As soon as a secret is created in Kubiya, you can use the secrets system to pass the relevant secret during run time by defining the secret requirement in the action store
You can declare your secrets using the store.uses_secrets method:
store.uses_secrets(["FIRST_SECRET", "SECOND_SECRET", "SOME_TOKEN"])
The secrets are now available on the store object:
store.secrets["FIRST_SECRET"]
@action_store.kubiya_action(validate_input=True)
def action_with_model(user: ExampleModel) -> str:
    """returns baz"""
    # secrets are available at store.secrets["SECRET_ONE]
    return f"{user.get('your_string')} | {user.get('your_int')} | {user.get('email')} from baz"
Having been set and declared, the stores secrets are available as a dictionary on the store object as shown below.
...
from pydantic import BaseModel
import kubiya
import requests
​
action_store = kubiya.ActionStore("sample-store", "0")
​
@action_store.kubiya_action(validate_input=True)
def simple_action(a: str):
    "returns repo data"
    token = action_store.secrets.get("SOME_TOKEN")
    headers={'Authorization': f'access_token {token}'}
    response = requests.get("https://api.github.com/orgs/kubiyabot/repos", headers=headers)
    repo = response.json()[0]
    return repo
​
​
​
Adding Third-Party Python Libraries
Integrations
Last modified 3mo ago