Skip to main content

Setting Secrets

For setting sensitive information (such as API keys or database credentials) to be accessed within your fal functions you can use the fal secrets CLI interface. 
$ fal secrets set MY_API_TOKEN=token MY_IDENTITY_KEY=identity
Any secret that is set will be exposed to all functions running from your user, and can be accessible as if they are regular environment variables.

Accessing Secrets in Your Code

import os
import fal

class MyApp(fal.App):
    @fal.endpoint("/")
    def print_secrets(self):
        print(os.getenv("MY_API_TOKEN"))
        print(os.getenv("MY_IDENTITY_KEY"))
        return {"status": "secrets printed"}

Accessing Secrets in Your Requirements

For security reasons, we don’t expose your secrets as environment variables during the environment building stage. Instead, you can use ${} to substitute your secret into a requirement. 
import fal

class MyApp(fal.App):
    requirements = [
        "git+https://${GITHUB_TOKEN}@github.com/myorg/myproj"
    ]

Listing Secrets

You can list the secrets you have through the CLI, but the values will be hidden for security reasons. 
$ fal secrets list
Secret NameCreated At
MY_API_TOKEN2023-09-05 15:17:39.279347
MY_IDENTITY_KEY2023-09-05 15:17:41.444478

Removing Secrets

To omit a secret from being present in new runs, you can simply delete it through the CLI: 
$ fal secrets unset MY_API_TOKEN
I