Secrets
NOTE
You can also use other secret management tools, such as dotenv, with Streamlit.
Streamlit provides native file-based secrets management to securely store and access the secrets in your app.
Global vs Project-specific
Streamlit provides two ways to manage secrets using TOML format.
Global
If you need to share secrets across all projects, you can place the secrets in the global secrets file, which is:
~/.streamlit/secrets.tomlfor macOS/Linux.%userprofile%/.streamlit/secrets.tomlfor Windows.
# Everything in this section will be available as an environment variable
db_username = "Jane"
db_password = "mypassword"
# You can also add other sections if you like.
# The contents of sections as shown below will not become environment variables,
# but they'll be easily accessible from within Streamlit anyway as we show
# later in this doc.
[my_other_secrets]
things_i_like = ["Streamlit", "Python"]Project-specific Secrets
If you have secrets that are applicable only to a specific project, you can manage them using the project-specific secret file at $ROOT/.streamlit/secrets.toml ($ROOT is the folder you're running Streamlit from).
IMPORTANT
If a secret exists in both global secrets file and project-specific secrets file, the project-specific one will overwrite the global one.
WARNING
Make sure the project-specific file is added to .gitignore, to avoid committing it to the remote repo. This is one of the advantages when using global secrets.
Access secrets
You can access the secrets either by using st.secrets dict or as environment variables.
import os
import streamlit as st
st.write(
"This will print True:",
os.environ["db_username"] == st.secrets["db_username"],
)NOTE
Similar to st.session_state, you can access st.secrets values using key notation (st.secrets["key"]) or attribute notation (st.secrets.key).