Project description

Ray Secret Proxy

DISCLAIMER

The Ray Secret Proxy is not an officially supported project by Ray or Anyscale.

Background

Credentials are required for almost every application to interact with databases, external APIs, and 3rd party integrations. Meanwhile, securely assessing, storing, and applying them within application logic poses a risk for potential credential exposure.

A straightforward approach to credential management is the use of environment variables, however these variables are not encrypted and easily accessible by other processes on a machine.

To combat this, vendors have created Secret Management systems to provide mechanisms securely store, manage, and leverage secrets within applications. However, each of these systems requires intimate knowledge of the specific secret provider in order to build an application client.

Usage

Before you begin, you will need to grant an IAM Role an IAM Policy that allows your Ray cluster to access your target Secrets Proxy. It is highly recommended to only grant read and list permissions for the Secret Manager for the IAM Role attached to your Ray clusters.

For information on how to use the Ray Secrets Proxy, please visit our Walkthrough notebook.

Architecture

RaySecretsArchitecture The Ray Secrets Proxy is an actor that can deployed within a Ray cluster and accessed as part of the Ray application to fetch credentials for 3rd parties applications, data bases, etc.

The Secrets Proxy leverages a Pluggable Ray Secret Operator that conforms to a standard interface to list and fetch credentials from a third party Secrets Manager.

Ray Secret Operators

Today, there are out of the box Ray Secret Operators for AWS and GCP Secret Managers. These Operators are based off of the RaySecretOperator class and implement the following methods:

initialize: a public method that initializes the client within the Proxy Actor to connect to your 3rd party Secret Store
_fetch: the private method that retrieves a secret from the underlying Secret Providor
get_secret: the public method to return a RaySecret from the provider
list_secrets: the public method to return a list of secrets from the provider

Additional Secret Managers can be added by implementing additional operators based off of the base Ray Secret Operator.

Project details

These details have not been verified by PyPI

Project links

Home Page

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.0.3

Apr 6, 2023

0.0.2

Apr 3, 2023

0.0.1

Mar 31, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

raysecretsproxy-0.0.3.tar.gz (15.7 kB view hashes)

Uploaded Apr 6, 2023 Source

Built Distribution

raysecretsproxy-0.0.3-py3-none-any.whl (14.6 kB view hashes)

Uploaded Apr 6, 2023 Python 3

Hashes for raysecretsproxy-0.0.3.tar.gz

Hashes for raysecretsproxy-0.0.3.tar.gz
Algorithm	Hash digest
SHA256	`cbdd3e04e86a9f1d3cd77eed315fa20475837fbd976c14c2148cddc3cb2c3105`
MD5	`de0e71943b034b431b13c3c868225570`
BLAKE2b-256	`30d35db5c6770ae45d8167bee3b02cf5a98338958d3bf781a21a2d79f938e1f5`

Hashes for raysecretsproxy-0.0.3-py3-none-any.whl

Hashes for raysecretsproxy-0.0.3-py3-none-any.whl
Algorithm	Hash digest
SHA256	`eef7dc600833eb0d899bd082a410c96fd4b6297aceacbb8c5122708917eed1be`
MD5	`0f9d3099a49d957837f7806f6b66c658`
BLAKE2b-256	`13c034c634554afe71112a3d7e0203e1caa9a3ac3a71d2194275ba7e1311c8fe`