Manage Secrets Securely
Secure management of sensitive information like API keys, passwords, and database credentials is critical for production applications. This guide covers secret creation, rotation strategies, access patterns, and security best practices to help you protect sensitive configuration in your fal Serverless applications.
Setting Secrets
For setting sensitive information (such as API keys or database credentials) to be accessed within your fal functions you can use the fal secrets
CLI interface.
$ fal secrets set MY_API_TOKEN=token MY_IDENTITY_KEY=identity
Any secret that is set will be exposed to all functions running from your user, and can be accessible as if they are regular environment variables.
Accessing Secrets in Your Code
import osimport fal
class MyApp(fal.App): @fal.endpoint("/") def print_secrets(self): print(os.getenv("MY_API_TOKEN")) print(os.getenv("MY_IDENTITY_KEY")) return {"status": "secrets printed"}
Listing Secrets
You can list the secrets you have through the CLI, but the values will be hidden for security reasons.
$ fal secrets list┏━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓┃ Secret Name ┃ Created At ┃┡━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩│ MY_API_TOKEN │ 2023-09-05 15:17:39.279347 ││ MY_IDENTITY_KEY │ 2023-09-05 15:17:41.444478 │└─────────────────────────┴────────────────────────────┘
Removing Secrets
To omit a secret from being present in new runs, you can simply delete it through the CLI:
$ fal secrets unset MY_API_TOKEN