AgentSkillsCN

managing-secrets

在 inference.sh 应用中妥善管理 API 密钥与敏感值。当您需要添加密钥、访问环境变量,或对凭证进行安全保护时,可使用此技能。

SKILL.md
--- frontmatter
name: managing-secrets
description: Handle API keys and sensitive values in inference.sh apps. Use when adding secrets, accessing environment variables, or securing credentials.

Managing Secrets

Securely access API keys and sensitive values injected at runtime.

Declaring Secrets

In inf.yml:

yaml
secrets:
  - key: OPENAI_API_KEY
    description: OpenAI API key
    optional: false

  - key: WEBHOOK_SECRET
    description: Optional webhook secret
    optional: true

Properties

PropertyTypeDescription
keystringEnvironment variable name
descriptionstringShown to users
optionalbooleanIf false, app won't run without it

Accessing Secrets

python
import os

class App(BaseApp):
    async def setup(self, config):
        api_key = os.environ.get("OPENAI_API_KEY")
        if not api_key:
            raise ValueError("OPENAI_API_KEY required")
        self.client = OpenAI(api_key=api_key)

Common Patterns

External API Access

python
from openai import OpenAI

class App(BaseApp):
    async def setup(self, config):
        self.client = OpenAI(api_key=os.environ.get("OPENAI_API_KEY"))

HuggingFace Token

yaml
secrets:
  - key: HF_TOKEN
    description: HuggingFace token for gated models
python
from huggingface_hub import snapshot_download

self.model_path = snapshot_download(
    repo_id="meta-llama/Llama-2-7b",
    token=os.environ.get("HF_TOKEN")
)

Tips

  • Use specific names (OPENAI_API_KEY not API_KEY)
  • Validate in setup(), fail fast
  • Never log secret values