Managing Secrets¶

Bauplan provides secure secret management for sensitive information like API keys and credentials. To add a secret to your project:

bauplan parameter set --name your_secret_name --value your_secret_value --type secret

For example, to store an OpenAI API key:

bauplan parameter set --name openai_api_key --value sk-abc123... --type secret

The secret will be stored securely in your bauplan_project.yml file in an encrypted format:

parameters:
    openai_api_key:
        type: secret
        default: kUg6q4141413...
        key: awskms:///arn:aws:kms:us-...

You can then safely use these secrets in your pipeline code without exposing sensitive values. This is particularly useful when working with external services like OpenAI, MongoDB, or other APIs that require authentication. The secrets are automatically decrypted and made available to your pipeline functions at runtime while remaining encrypted at rest.