Version: 1.3.13

Model Secrets

This page provides details about creating Kubernetes secrets in model headers.

Admins are able to create model secrets in Kubernetes, and those K8s secrets are referenced through the scan definition.

How to create model secrets using Kubernetes

  1. Create a model secret in k8s with any name (e.g. test-model-secret) and the reference field, model id.

  2. Add the model_secret field in the scan definition.

    Example The secret below references a Kubernetes secret with the name "test-model-secret", and contains a key called "logit" within it.

    model_secret: test-model-secret
  3. Reference it in the model_headers section of the scan definition.

    Example For model_id "logit", the model_secret that was defined in step 2 is referenced in the model_headers portion of the scan definition (Bearer ${model_secret.<your-l8s-secret-field-name>}).

    model_headers:
    default:
    - name: Content-Type
    value: application/json
    - name: accept
    value: application/json
    defined:
    - model_id: logit
    name: Authorization
    value: Bearer ${model_secret.<your-k8s-secret-field-name>}
  4. Run the scan.

The scan job fetches the secret (name=test-model-secret, key=logit) from k8s and inserts it into the auth header of the respective model in the scan job, so that the scan runs successfully.

In the example, the secret name is "test-model-key" and it has a key named "logit" in it as defined in Kubernetes.

To reference it, the user must specify ${model_secret.logit} where "logit" is the specific key.

In the header anything not prefixed with model_secret. will continue to work as a reference to another environment variable.