From c548928be53e375fad49e262f41b1fe52e952ab1 Mon Sep 17 00:00:00 2001 From: Pierric Cistac Date: Mon, 13 May 2024 15:26:46 -0400 Subject: [PATCH 1/3] Tweaks to env vars in Spaces I think this is clearer, and it will also prevent Python noobs like me from having to google how to read an env var! --- docs/hub/spaces-overview.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/docs/hub/spaces-overview.md b/docs/hub/spaces-overview.md index 276d9b316..467275460 100644 --- a/docs/hub/spaces-overview.md +++ b/docs/hub/spaces-overview.md @@ -66,14 +66,21 @@ If your app requires environment variables (for instance, secret keys or tokens) +Variables are publicly accessible and viewable and will be automatically added to Spaces duplicated from your repository. -Variables are publicly accessible and viewable and will be automatically added to Spaces duplicated from your repository. They are exposed to your app as environment variables. +Secrets are private and their value cannot be read from the Space's settings once set. They won't be added to Spaces duplicated from your repository. -For Static Spaces, they are available through client-side JavaScript in `window.huggingface.variables`. +- For Static Spaces, both are available through client-side JavaScript in `window.huggingface.variables` +- For Docker Spaces, check out [environment management with Docker](./spaces-sdks-docker#secrets-and-variables-management) +- For Streamlit Spaces, secrets are exposed to your app through [Streamlit Secrets Management](https://blog.streamlit.io/secrets-in-sharing-apps/), and public variables are directly available as environment variables -For Docker Spaces, check out [environment management with Docker](./spaces-sdks-docker#secrets-and-variables-management). +For other Spaces, both are exposed to your app as environment variables. Here is a very simple example of accessing the previously declared `MODEL_REPO_ID` variable with `python` (it would be the same for secrets): +```py +import os +print(os.environ['MODEL_REPO_ID']) +``` -Secrets are private and their value cannot be retrieved once set. They won't be added to Spaces duplicated from your repository. The secrets will be exposed to your app with [Streamlit Secrets Management](https://blog.streamlit.io/secrets-in-sharing-apps/) if you use Streamlit, and as environment variables in other cases. For Docker Spaces, please check out [environment management with Docker](./spaces-sdks-docker#secrets-and-variables-management). Users are warned when our `Spaces Secrets Scanner` [finds hard-coded secrets](./security-secrets). +Users are warned when our `Spaces Secrets Scanner` [finds hard-coded secrets](./security-secrets). ## Duplicating a Space From e786d10245b2e2cd740a772749748aa1b6af9a1b Mon Sep 17 00:00:00 2001 From: Pierric Cistac Date: Mon, 13 May 2024 15:29:31 -0400 Subject: [PATCH 2/3] Update docs/hub/spaces-overview.md --- docs/hub/spaces-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hub/spaces-overview.md b/docs/hub/spaces-overview.md index 467275460..f4e2ddcc9 100644 --- a/docs/hub/spaces-overview.md +++ b/docs/hub/spaces-overview.md @@ -74,7 +74,7 @@ Secrets are private and their value cannot be read from the Space's settings onc - For Docker Spaces, check out [environment management with Docker](./spaces-sdks-docker#secrets-and-variables-management) - For Streamlit Spaces, secrets are exposed to your app through [Streamlit Secrets Management](https://blog.streamlit.io/secrets-in-sharing-apps/), and public variables are directly available as environment variables -For other Spaces, both are exposed to your app as environment variables. Here is a very simple example of accessing the previously declared `MODEL_REPO_ID` variable with `python` (it would be the same for secrets): +For other Spaces, both are exposed to your app as environment variables. Here is a very simple example of accessing the previously declared `MODEL_REPO_ID` variable in Python (it would be the same for secrets): ```py import os print(os.environ['MODEL_REPO_ID']) From 285fd3dbffeeeaffc19f0e081ebf18b36df515ce Mon Sep 17 00:00:00 2001 From: Pierric Cistac Date: Wed, 22 May 2024 18:57:26 -0400 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: Omar Sanseviero --- docs/hub/spaces-overview.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/hub/spaces-overview.md b/docs/hub/spaces-overview.md index f4e2ddcc9..17c133b23 100644 --- a/docs/hub/spaces-overview.md +++ b/docs/hub/spaces-overview.md @@ -66,9 +66,13 @@ If your app requires environment variables (for instance, secret keys or tokens) -Variables are publicly accessible and viewable and will be automatically added to Spaces duplicated from your repository. +You can use: -Secrets are private and their value cannot be read from the Space's settings once set. They won't be added to Spaces duplicated from your repository. +* **Variables** if you need to store non-sensitive configuration values. They are publicly accessible and viewable and will be automatically added to Spaces duplicated from yours. +* **Secrets** to store access tokens, API keys, or any sensitive values or credentials. They are private and their value cannot be read from the Space's settings page once set. They won't be added to Spaces duplicated from your repository. + + +Accessing secrets and variables is different depending on your Space SDK: - For Static Spaces, both are available through client-side JavaScript in `window.huggingface.variables` - For Docker Spaces, check out [environment management with Docker](./spaces-sdks-docker#secrets-and-variables-management) @@ -77,10 +81,10 @@ Secrets are private and their value cannot be read from the Space's settings onc For other Spaces, both are exposed to your app as environment variables. Here is a very simple example of accessing the previously declared `MODEL_REPO_ID` variable in Python (it would be the same for secrets): ```py import os -print(os.environ['MODEL_REPO_ID']) +print(os.getenv['MODEL_REPO_ID']) ``` -Users are warned when our `Spaces Secrets Scanner` [finds hard-coded secrets](./security-secrets). +Spaces owners are warned when our `Spaces Secrets Scanner` [finds hard-coded secrets](./security-secrets). ## Duplicating a Space