spice-secrets

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Spice Secret Stores

Spice 密钥存储

Secret stores manage sensitive data like API keys, passwords, and tokens. The

env

store is loaded by default.

密钥存储用于管理API密钥、密码和令牌等敏感数据。默认加载

env

存储。

Basic Configuration

基本配置

yaml

secrets:
  - from: <store_type>
    name: <store_name>

yaml

secrets:
  - from: <store_type>
    name: <store_name>

Supported Secret Stores

支持的密钥存储

Store	From Format	Description
Environment	`env`	Environment variables + `.env` / `.env.local` files (default)
Kubernetes	`kubernetes:<secret_name>`	Kubernetes secrets
AWS Secrets Manager	`aws_secrets_manager`	AWS Secrets Manager
Keyring	`keyring`	OS keyring (macOS Keychain, Linux, Windows)

存储类型	来源格式	说明
环境变量	`env`	环境变量 + `.env` / `.env.local` 文件（默认）
Kubernetes	`kubernetes:<secret_name>`	Kubernetes 密钥
AWS Secrets Manager	`aws_secrets_manager`	AWS Secrets Manager
Keyring	`keyring`	操作系统密钥环（macOS Keychain、Linux、Windows）

Default: Environment Variables

默认：环境变量

Loaded automatically. Reads from environment variables and any

.env.local

.env

files in the project directory.

yaml

secrets:
  - from: env
    name: env

自动加载。从环境变量以及项目目录中的

.env.local

或

.env

文件读取数据。

yaml

secrets:
  - from: env
    name: env

Referencing Secrets

引用密钥

Use

${ store_name:KEY_NAME }

syntax in component parameters:

yaml

datasets:
  - from: postgres:my_table
    name: my_table
    params:
      pg_user: ${ env:PG_USER }
      pg_pass: ${ env:PG_PASSWORD }

models:
  - from: openai:gpt-4o
    name: gpt4
    params:
      openai_api_key: ${ secrets:OPENAI_API_KEY }

Also works within strings:

yaml

params:
  mysql_connection_string: mysql://${env:USER}:${env:PASSWORD}@localhost:3306/db

在组件参数中使用

${ store_name:KEY_NAME }

语法：

yaml

datasets:
  - from: postgres:my_table
    name: my_table
    params:
      pg_user: ${ env:PG_USER }
      pg_pass: ${ env:PG_PASSWORD }

models:
  - from: openai:gpt-4o
    name: gpt4
    params:
      openai_api_key: ${ secrets:OPENAI_API_KEY }

也可在字符串中使用：

yaml

params:
  mysql_connection_string: mysql://${env:USER}:${env:PASSWORD}@localhost:3306/db

Searching All Stores

搜索所有存储

Use

${ secrets:KEY }

to search all configured stores in precedence order (last defined wins):

yaml

secrets:
  - from: env
    name: env
  - from: keyring
    name: keyring

datasets:
  - from: postgres:my_table
    name: my_table
    params:
      pg_user: ${ secrets:pg_user }     # checks keyring first, then env
      pg_pass: ${ secrets:pg_pass }

The

<key_name>

is automatically uppercased for the

env

secret store.

使用

${ secrets:KEY }

可按优先级顺序搜索所有已配置的存储（最后定义的优先）：

yaml

secrets:
  - from: env
    name: env
  - from: keyring
    name: keyring

datasets:
  - from: postgres:my_table
    name: my_table
    params:
      pg_user: ${ secrets:pg_user }     # 先检查keyring，再检查env
      pg_pass: ${ secrets:pg_pass }

对于

env

密钥存储，

<key_name>

会自动转换为大写。

Examples

示例

Kubernetes Secrets

Kubernetes 密钥

yaml

secrets:
  - from: kubernetes:my-app-secrets
    name: k8s

yaml

secrets:
  - from: kubernetes:my-app-secrets
    name: k8s

AWS Secrets Manager

yaml

secrets:
  - from: aws_secrets_manager
    name: aws
    params:
      aws_region: us-east-1

yaml

secrets:
  - from: aws_secrets_manager
    name: aws
    params:
      aws_region: us-east-1

Override Order (env overrides keyring)

覆盖顺序（env 覆盖 keyring）

yaml

secrets:
  - from: keyring
    name: keyring
  - from: env
    name: env

yaml

secrets:
  - from: keyring
    name: keyring
  - from: env
    name: env

spice-secrets

Original

Translation

Spice Secret Stores

Spice 密钥存储

Basic Configuration

基本配置

Supported Secret Stores

支持的密钥存储

Default: Environment Variables

默认：环境变量

Referencing Secrets

引用密钥

Searching All Stores

搜索所有存储

Examples

示例

Kubernetes Secrets

Kubernetes 密钥

AWS Secrets Manager

AWS Secrets Manager

Override Order (env overrides keyring)

覆盖顺序（env 覆盖 keyring）

Documentation

文档