The tutorials all suggest storing your tokens as plaintext #14

joerunde · 2025-01-23T22:00:43Z

Just a heads up that all of your tutorials suggest setting your HF token in plaintext as an environment variable in the deployments like

    env:
      - name: HF_TOKEN
        value: <YOUR_HF_TOKEN>

This might be fine to do on a local minikube cluster on your machine, but it's super unsafe to do on a remote cluster.

I'd suggest setting up a secret in the helm chart to hold the token, so that it can be safely referenced in the deployment instead like:

    env
       - name: HF_TOKEN
         valueFrom:
           secretKeyRef:
             name: hf-token-secret
             key: token

The text was updated successfully, but these errors were encountered:

ApostaC · 2025-01-24T05:29:02Z

Thanks for pointing it out! This is on our current TODO list and will be updated soon.

ApostaC · 2025-01-26T22:23:40Z

Hey @joerunde , I just created PR #22 to fix this. Feel free to take a look and leave your comments there.

ApostaC self-assigned this Jan 24, 2025

ApostaC mentioned this issue Jan 26, 2025

feat: Use secrets to configure HF_TOKEN #22

Merged

ApostaC closed this as completed in #22 Jan 27, 2025

Provide feedback