How is runpod secret / environment vars for credentials more secure? | Runpod | Page 1

#How is runpod secret / environment vars for credentials more secure?

3 messages · Page 1 of 1 (latest)

wispy pier Jul 28, 2024, 12:06 AM

I'm looking at the runpod Secret feature for handling AWS credentials. It looks like 'best practice' for handling credentials in a docker image is to set them as environment variables; and Runpod's "Secrets" feature feeds into that.
Could anyone explain how using runpod's "Secrets" is more secure than just passing environment variables? If the security concern is to avoid writing your credentials directly into the image and instead pass them on launch with env vars, how do "Secrets" do anything more? Is it a feature for handling credentials within a runpod account managed by a team?

fallen frigateBOT Jul 28, 2024, 12:06 AM

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

raw eagle Jul 28, 2024, 1:07 AM

Yes, they are meant to keep keys secure in a team environment. With ENV variables all team members could view your keys in clear text in the template definition.