Environment Secrets

Create, store, and manage environment variables and secrets

---

Environment secrets are securely encrypted values that function as environment variables within your workflows.

They enable you to store and manage sensitive configuration data, such as third-party API keys, without hardcoding them into your scripts.

Via the UI

The Clarifai platform offers an intuitive interface for creating, managing, and securing your environment secrets.

To create a secret, log in to the Clarifai platform. Then, in the collapsible left sidebar, select Settings and choose Secrets from the dropdown list.

On the ensuing Secrets page, click the Create Environment Secrets button.

Next, on the form that pops up, enter a required name for your secret, an optional short description, and the required value.

Lastly, click the Create Environment Secret button.

The new secret will be listed in the Environment Secrets section, where you can copy, view, edit, or delete it.

note

• Environment secrets do not expire. In case your secret gets compromised, you should delete it, and create a new one.
• We recommend that you do not share your secrets with other users.

Via the API

Prerequisites

Install Python SDK

Install the latest version of the Clarifai Python SDK package.

Bash

 pip install --upgrade clarifai 

Get Credentials

Go to your Clarifai account and retrieve the following credentials:

• User ID – In the collapsible left sidebar, select Settings and choose Account from the dropdown list. Then, locate your user ID.
• PAT – From the same Settings option, choose Secrets to generate or copy your Personal Access Token (PAT). This token is used to authenticate your connection with the Clarifai platform.

You can then set the PAT as an environment variable using CLARIFAI_PAT.

Unix-Like Systems

 export CLARIFAI_PAT=YOUR_PERSONAL_ACCESS_TOKEN_HERE 

Windows

 set CLARIFAI_PAT=YOUR_PERSONAL_ACCESS_TOKEN_HERE 

Create

You can create a new environment secret by providing its ID and value.

Python SDK

from clarifai.client.user import User

# Set PAT as an environment variable before running this snippet:
#   export CLARIFAI_PAT=YOUR_PAT_HERE # Unix-Like Systems
#   set CLARIFAI_PAT=YOUR_PAT_HERE  # Windows

# # Initialize User client
client = User(user_id="YOUR_USER_ID")

# Create one or more secrets
secrets = [
    {
        "id": "OPENAI_KEY_2025",
        "value": "your_super_secret_api_key_here",
        "description": "My OpenAI key for experiments"
    }
]

created_secrets = client.create_secrets(secrets)
print("Created Secrets:", created_secrets)

cURL

curl -X POST "https://api.clarifai.com/v2/users/YOUR_USER_ID_HERE/secrets" \
  -H "Authorization: Key YOUR_PAT_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "secrets": [
      {
        "id": "OPENAI_KEY_2025",        
        "value": "your_super_secret_api_key_here",
        "description": "My OpenAI key for experiments"  
      }
    ]
  }'

Example Output

[INFO] 12:18:09.938891 Secrets created successfully:
code: SUCCESS
description: "Ok"
req_id: "sdk-python-11.8.2-8839a40ace044545a2a1f7b803d60719"
 |  thread=8800297152 
Created Secrets: [{'auth': <clarifai.client.auth.helper.ClarifaiAuthHelper object at 0x104692720>, 'value': 'your_super_secret_api_key_here', 'version': 1, 'description': 'My OpenAI key for experiments', 'created_at': seconds: 1759483090
, 'modified_at': seconds: 1759483090
, 'expires_at': '1970-01-01T00:00:00Z', 'user_id': 'alfrick', 'secret_id': 'OPENAI_KEY_20251'}]

Get

You can get an existing environment secret by providing its ID.

Python SDK

from clarifai.client.user import User

# Set PAT as an environment variable before running this snippet:
#   export CLARIFAI_PAT=YOUR_PAT_HERE # Unix-Like Systems
#   set CLARIFAI_PAT=YOUR_PAT_HERE  # Windows

# Initialize User client
client = User(user_id="YOUR_USER_ID")

# Retrieve a specific secret by its ID
secret_info = client.get_secret(secret_id="OPENAI_KEY_2025")
print("Secret Info:", secret_info)

cURL

curl -X GET "https://api.clarifai.com/v2/users/YOUR_USER_ID_HERE/secrets/YOUR_SECRET_ID_HERE" \
  -H "Authorization: Key YOUR_PAT_HERE" \
  -H "Content-Type: application/json"

Example Output

Secret Info: {'auth': <clarifai.client.auth.helper.ClarifaiAuthHelper object at 0x105512840>, 'value': 'your_super_secret_api_key_here', 'version': 1, 'description': 'My OpenAI key for experiments', 'created_at': seconds: 1759480228
, 'modified_at': seconds: 1759480228
, 'expires_at': '1970-01-01T00:00:00Z', 'user_id': 'alfrick', 'secret_id': 'OPENAI_KEY_2025'}

List

You can list all the environment secrets you have.

Python SDK

from clarifai.client.user import User

# Set PAT as an environment variable before running this snippet:
#   export CLARIFAI_PAT=YOUR_PAT_HERE # Unix-Like Systems
#   set CLARIFAI_PAT=YOUR_PAT_HERE  # Windows

# Initialize User client
client = User(user_id="YOUR_USER_ID")

# List all secrets
all_secrets = list(client.list_secrets(page_no=1))

print("Secrets:")
for secret in all_secrets:
    print(secret)

cURL

curl -X GET "https://api.clarifai.com/v2/users/YOUR_USER_ID_HERE/secrets" \
  -H "Authorization: Key YOUR_PAT_HERE" \

Note: If you specify page_no but not per_page, pagination defaults to 16 items per page. If both page_no and per_page are left as None, all resources are listed without pagination.

Example Output

Secrets:
{'auth': <clarifai.client.auth.helper.ClarifaiAuthHelper object at 0x10436aff0>, 'value': 'your_super_secret_api_key_here', 'version': 1, 'description': 'My OpenAI key for experiments', 'created_at': seconds: 1759483090
, 'modified_at': seconds: 1759483090
, 'expires_at': '1970-01-01T00:00:00Z', 'user_id': 'alfrick', 'secret_id': 'OPENAI_KEY_20251'}
{'auth': <clarifai.client.auth.helper.ClarifaiAuthHelper object at 0x10436aff0>, 'value': 'your_super_secret_api_key_here', 'version': 1, 'description': 'My OpenAI key for experiments', 'created_at': seconds: 1759492357
, 'modified_at': seconds: 1759492357
, 'expires_at': '1970-01-01T00:00:00Z', 'user_id': 'alfrick', 'secret_id': 'OPENAI_KEY_2025'}

Update

You can update an existing environment secret by providing its ID.

Python SDK

from clarifai.client.user import User

# Initialize the client
client = User(user_id="YOUR_USER_ID")

# Update an existing secret's description or value
patched_secrets = client.patch_secrets(
    secrets=[
        {
            "id": "OPENAI_KEY_2025",
            "value": "new_secret_value",
            "description": "Updated Secret Description"
        }
    ],
    action="overwrite"  # Can also be "remove"
)

print("Patched Secrets:", patched_secrets)

Example Output

[INFO] 14:36:12.091449 Secrets patched successfully:
code: SUCCESS
description: "Ok"
req_id: "sdk-python-11.8.2-56d27720c1d7481ea77f3e8b617ead90"
 |  thread=8800297152 
Patched Secrets: [{'auth': <clarifai.client.auth.helper.ClarifaiAuthHelper object at 0x107dcd370>, 'value': 'new_secret_value', 'version': 1, 'description': 'Updated Secret Description', 'created_at': seconds: 1759480228
, 'modified_at': seconds: 1759480228
, 'expires_at': '1970-01-01T00:00:00Z', 'user_id': 'alfrick', 'secret_id': 'OPENAI_KEY_2025'}]

Delete

You can delete an existing environment secret by providing its ID.

Python SDK

from clarifai.client.user import User

client = User(user_id="YOUR_USER_ID")

# Delete one or more secrets
client.delete_secrets(secret_ids=["OPENAI_KEY_2025"])

Example Output

[INFO] 14:47:45.514014 
Secrets Deleted
code: SUCCESS
description: "Ok"
req_id: "sdk-python-11.8.2-4274906bf01b4cbc91295a51de29aa2f"
 |  thread=8800297152