diff --git a/docs/hub/spaces-overview.md b/docs/hub/spaces-overview.md index 276d9b316..17c133b23 100644 --- a/docs/hub/spaces-overview.md +++ b/docs/hub/spaces-overview.md 
@@ -66,14 +66,25 @@ If your app requires environment variables (for instance, secret keys or tokens) +You can use: -Variables are publicly accessible and viewable and will be automatically added to Spaces duplicated from your repository. They are exposed to your app as environment variables. +* **Variables** if you need to store non-sensitive configuration values. They are publicly accessible and viewable and will be automatically added to Spaces duplicated from yours. +* **Secrets** to store access tokens, API keys, or any sensitive values or credentials. They are private and their value cannot be read from the Space's settings page once set. They won't be added to Spaces duplicated from your repository. -For Static Spaces, they are available through client-side JavaScript in `window.huggingface.variables`. -For Docker Spaces, check out [environment management with Docker](./spaces-sdks-docker#secrets-and-variables-management). +Accessing secrets and variables is different depending on your Space SDK: -Secrets are private and their value cannot be retrieved once set. They won't be added to Spaces duplicated from your repository. The secrets will be exposed to your app with [Streamlit Secrets Management](https://blog.streamlit.io/secrets-in-sharing-apps/) if you use Streamlit, and as environment variables in other cases. For Docker Spaces, please check out [environment management with Docker](./spaces-sdks-docker#secrets-and-variables-management). Users are warned when our `Spaces Secrets Scanner` [finds hard-coded secrets](./security-secrets). 
+- For Static Spaces, both are available through client-side JavaScript in `window.huggingface.variables` +- For Docker Spaces, check out [environment management with Docker](./spaces-sdks-docker#secrets-and-variables-management) +- For Streamlit Spaces, secrets are exposed to your app through [Streamlit Secrets Management](https://blog.streamlit.io/secrets-in-sharing-apps/), and public variables are directly available as environment variables + +For other Spaces, both are exposed to your app as environment variables. Here is a very simple example of accessing the previously declared `MODEL_REPO_ID` variable in Python (it would be the same for secrets): +```py +import os +print(os.getenv['MODEL_REPO_ID']) +``` + +Spaces owners are warned when our `Spaces Secrets Scanner` [finds hard-coded secrets](./security-secrets). ## Duplicating a Space
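Review bot: The added Static Spaces bullet says "both are available through client-side JavaScript in `window.huggingface.variables`", which conflicts with the new Secrets bullet describing secrets as private. The removed line made this claim for variables only, and anything reachable from client-side JavaScript can be read by every visitor to the Space. Please either limit the bullet to variables or state explicitly how secrets are handled for Static Spaces. Separately, the Python example `print(os.getenv['MODEL_REPO_ID'])` subscripts a function and raises a TypeError as written. It should be `os.getenv('MODEL_REPO_ID')` or `os.environ['MODEL_REPO_ID']`. Since the sentence says "it would be the same for secrets", consider an example that does not `print` the value, so readers do not copy a pattern that writes a secret to the logs.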