MLflow plugin that injects authentication headers from secret managers
Project description
MLflow Secrets Auth
A secure MLflow plugin that automatically injects authentication headers from secret management systems into tracking requests.
Features
- Zero Code Changes: Works transparently with existing MLflow applications
- Multiple Providers: HashiCorp Vault, AWS Secrets Manager, Azure Key Vault
- Security First: Host allowlisting, credential redaction, in-memory caching only
- Production Ready: Automatic retries, TTL-based caching, comprehensive logging
Quick Start
# Install with your preferred provider
pip install mlflow-secrets-auth[vault]
# Configure for HashiCorp Vault
export VAULT_ADDR="https://vault.company.com"
export VAULT_TOKEN="your-vault-token"
export MLFLOW_VAULT_SECRET_PATH="secret/mlflow/auth"
export MLFLOW_SECRETS_AUTH_ENABLE="vault"
# Activate the plugin in MLflow (required)
export MLFLOW_TRACKING_AUTH="mlflow_secrets_auth"
# Your MLflow code works unchanged
import mlflow
mlflow.set_tracking_uri("https://mlflow.company.com")
mlflow.start_run() # Authentication happens automatically
Demo
Try the complete working example with Vault + MLflow + Nginx:
git clone https://github.com/hugodscarvalho/mlflow-secrets-auth
cd mlflow-secrets-auth/examples/vault-nginx-mlflow
make demo
This demo shows the plugin working end-to-end with a real MLflow server protected by authentication.
Supported Providers
| Provider | Install Command | Authentication | Status |
|---|---|---|---|
| HashiCorp Vault | pip install mlflow-secrets-auth[vault] |
Token, AppRole | ✅ Available |
| AWS Secrets Manager | pip install mlflow-secrets-auth[aws] |
IAM, Access Keys | ✅ Available |
| Azure Key Vault | pip install mlflow-secrets-auth[azure] |
Service Principal, Managed Identity | ✅ Available |
| Google Secret Manager | pip install mlflow-secrets-auth[gcp] |
Service Account, Workload Identity | 🚧 Planned |
Documentation
- Getting Started - Quick setup guide
- Configuration - Complete configuration reference
- Providers - Provider-specific setup
- Troubleshooting - Common issues and solutions
Requirements
- Python 3.9+
- MLflow 2.20.4+
- Provider-specific SDKs (installed with extras)
License
Apache License 2.0 - see LICENSE file for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mlflow_secrets_auth-0.2.0.tar.gz.
File metadata
- Download URL: mlflow_secrets_auth-0.2.0.tar.gz
- Upload date:
- Size: 30.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.4 CPython/3.12.11 Linux/6.11.0-1018-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bb3f1b6f292c1ac4a385b2cc8c23d699b8a8ed3427aef7809580a9dfc7f09690
|
|
| MD5 |
06ff9efd518958c3bec3f0cfddbd3763
|
|
| BLAKE2b-256 |
1f242a13d8ab3339fd5567619af1bc6d54eed56035589800991e56fc61c05b21
|
File details
Details for the file mlflow_secrets_auth-0.2.0-py3-none-any.whl.
File metadata
- Download URL: mlflow_secrets_auth-0.2.0-py3-none-any.whl
- Upload date:
- Size: 37.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.4 CPython/3.12.11 Linux/6.11.0-1018-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
163b9dc4a5674b53deee2e35b09660fd420cae446a5ec8e1e489b719c8644591
|
|
| MD5 |
bf6db02270f46b4715aa9c3f49168c6b
|
|
| BLAKE2b-256 |
3f39240a212e5d7c2d79b1fadf80aa9053488208b5664d73a4d44d5e98d657a4
|
