Secret management on Anyscale

Anyscale leverages secret managers in your cloud provider account to store and use secrets such as API keys, tokens, credentials, and passwords.

Anyscale recommends always using a secrets manager for storing and accessing credentials.

For Anyscale clouds on AWS, see Configure access to Amazon Secrets Manager.

For Anyscale clouds on Google Cloud, see Configure access to Google Secret Manager.

note

Anyscale uses the IAM role you configure for your cloud deployment to access the secrets manager in your AWS or Google Cloud account tied to your Anyscale cloud.

If you need to access a secrets manager with a different cloud provider or are using serverless (Anyscale-hosted) clouds, contact Anyscale support.

Use secrets on Anyscale

Anyscale requires a secrets manager to configure credentials when using a private third-party image registry to deploy Ray clusters. The Anyscale console, CLI, and SDK have special built-in behavior to access secrets for external registries. See Use container images from an external registry.

To reference secrets in your code on Anyscale, use the CLI or Python SDK provided by AWS or Google Cloud.

See the following AWS docs pages for working with AWS Secrets Manager:

• Installing or updating to the latest version of the AWS CLI
• Secrets Manager examples using AWS CLI
• Boto3 quickstart
• Boto3 Secrets Manager examples

See the following Google Cloud docs pages for working with the Google Secret Manager:

• Install the gcloud CLI
• gcloud reference for Google Secret Manager
• Python Client for Secret Manager