
Hiding Secret Keys in SageMaker (Environment Variables?)

I used to hide connection credentials in environmental variables (.bash_profile). Recently working with SageMaker, I tried a similar process with the terminal available in SageMaker, but I am getting the following error:

NameError: name 'DB_USER' is not defined

Is there any efficient way to hide the credentials in SageMaker?

Phoenix asked Oct 14 '25 20:10


2 Answers

The recommended way to handle secret storage within AWS is AWS Secrets Manager. Secrets Manager stores secrets in a secure fashion as key-value pairs. The key benefit is that it allows you to administer access to those secrets via IAM roles and permission abstractions, and retrieve them with the SDK of your choice, such as boto3 for example. Secrets Manager is actually also used by Amazon SageMaker for git credential storage in the case of third-party git integrations.

Olivier Cruchant answered Oct 17 '25 13:10


Extending on Olivier's answer, you could provide your SageMaker endpoint with the proper roles in the deployment code like so:

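import sagemaker
from sagemaker.mxnet import MXNetModel

sagemaker_session = sagemaker.Session()
bucket = 'your-bucket-name'  # placeholder: S3 bucket that holds model/model.tar.gz

# Execution role the endpoint runs as; its IAM policies decide what the endpoint can access
role = 'arn:aws:iam::xxxxxxxxxx:role/service-role/AmazonSageMaker-ExecutionRole-xxxxxxxxxx:role'

sagemaker_model = MXNetModel(model_data = 's3://' + bucket + '/model/model.tar.gz',
                             role = role, 
                             entry_point = 'entry_point.py',
                             py_version='py3',
                             framework_version='1.4.1',
                             sagemaker_session = sagemaker_session)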

Just remember to provide the necessary permissions in the role you provided.

velociraptor11 answered Oct 17 '25 12:10
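
The retrieval step the first answer describes, using the execution role from the second answer, as an added example that is not code from either answer: it reads a JSON key-value secret through boto3's `get_secret_value` and returns it in an object whose repr is redacted, so a notebook cell cannot save the values into the .ipynb output. Assumptions: the secret name `example/db`, the key `DB_PASSWORD` (only `DB_USER` appears in the question), the hypothetical `StubSecretsClient` that stands in for the real client so the block runs offline, and an execution role that allows `secretsmanager:GetSecretValue` on that secret.

```python
import json

REQUIRED_KEYS = ("DB_USER", "DB_PASSWORD")  # DB_PASSWORD is an assumed key name


class DbCredentials:
    """Credential holder whose repr is redacted, so notebook output never stores it."""

    def __init__(self, user, password):
        self.user, self.password = user, password

    def __repr__(self):
        return "DbCredentials(user=<redacted>, password=<redacted>)"


class StubSecretsClient:
    """Offline stand-in for boto3.client('secretsmanager'); its data is constructed."""

    def __init__(self, secrets):
        self._secrets = secrets

    def get_secret_value(self, SecretId):
        return {"Name": SecretId, **self._secrets[SecretId]}


def load_db_credentials(secret_id, client=None):
    """Fetch a JSON key-value secret with the caller's IAM role and validate its keys."""
    if client is None:
        import boto3  # lazy import: credentials come from the execution role
        client = boto3.client("secretsmanager")
    response = client.get_secret_value(SecretId=secret_id)
    if "SecretString" not in response:
        raise ValueError(f"{secret_id}: binary secret, expected JSON key-value pairs")
    try:
        pairs = json.loads(response["SecretString"])
    except json.JSONDecodeError:
        pairs = None  # fall through to a message that contains no secret text
    if not isinstance(pairs, dict):
        raise ValueError(f"{secret_id}: SecretString is not a JSON key-value object")
    missing = [key for key in REQUIRED_KEYS if key not in pairs]
    if missing:
        raise KeyError(f"{secret_id}: missing keys {missing}")  # names only, no values
    return DbCredentials(pairs["DB_USER"], pairs["DB_PASSWORD"])


if __name__ == "__main__":
    stub = StubSecretsClient({"example/db": {"SecretString": json.dumps(
        {"DB_USER": "app_user", "DB_PASSWORD": "constructed-password"})}})
    creds = load_db_credentials("example/db", client=stub)
    print(creds)  # redacted repr; pass creds.user / creds.password to the DB driver
```

In a SageMaker notebook or endpoint, call `load_db_credentials("<your-secret-name>")` without `client` so boto3 picks up the execution role.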