Skip to content
Dashboard

Manage Secrets Securely

Secure management of sensitive information like API keys, passwords, and database credentials is critical for production applications. This guide covers secret creation, rotation strategies, access patterns, and security best practices to help you protect sensitive configuration in your fal Serverless applications.

Setting Secrets

For setting sensitive information (such as API keys or database credentials) to be accessed within your fal functions you can use the fal secrets CLI interface.

$ fal secrets set MY_API_TOKEN=token MY_IDENTITY_KEY=identity

Any secret that is set will be exposed to all functions running from your user, and can be accessible as if they are regular environment variables.

Accessing Secrets in Your Code

import os
import fal
class MyApp(fal.App):
@fal.endpoint("/")
def print_secrets(self):
print(os.getenv("MY_API_TOKEN"))
print(os.getenv("MY_IDENTITY_KEY"))
return {"status": "secrets printed"}

Listing Secrets

You can list the secrets you have through the CLI, but the values will be hidden for security reasons.

$ fal secrets list
┏━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Secret Name ┃ Created At ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
MY_API_TOKEN2023-09-05 15:17:39.279347
MY_IDENTITY_KEY2023-09-05 15:17:41.444478
└─────────────────────────┴────────────────────────────┘

Removing Secrets

To omit a secret from being present in new runs, you can simply delete it through the CLI:

$ fal secrets unset MY_API_TOKEN