Model Secrets
This page provides details about creating Kubernetes secrets in model headers.
Admins are able to create model secrets in Kubernetes, and those K8s secrets are referenced through the scan definition.
How to create model secrets using Kubernetes
Create a model secret in k8s with any name (e.g. test-model-secret) and the reference field,
model id
.Add the
model_secret
field in the scan definition.Example The secret below references a Kubernetes secret with the name "test-model-secret", and contains a key called "logit" within it.
model_secret: test-model-secretReference it in the model_headers section of the scan definition.
Example For
model_id
"logit", themodel_secret
that was defined in step 2 is referenced in themodel_headers
portion of the scan definition (Bearer ${model_secret.<your-l8s-secret-field-name>}
).model_headers:default:- name: Content-Typevalue: application/json- name: acceptvalue: application/jsondefined:- model_id: logitname: Authorizationvalue: Bearer ${model_secret.<your-k8s-secret-field-name>}Run the scan.
The scan job fetches the secret (name=test-model-secret, key=logit) from k8s and inserts it into the auth header of the respective model in the scan job, so that the scan runs successfully.
In the example, the secret name is "test-model-key" and it has a key named "logit" in it as defined in Kubernetes.
To reference it, the user must specify ${model_secret.logit} where "logit" is the specific key.
In the header anything not prefixed with model_secret.
will continue to work as a reference to another environment variable.