Secrets at build time

use case

I am deploying multiple apps from private GitHub repositories. A lot of the code is re-used across apps, so I have packaged this repeated code as a python module in its own private repository, which I then install as a dependency for all the streamlit apps where it is needed. During local development, specifying a private repo as a dependency works fine. I can store my GitHub access token as an environment variable and include this variable in requirements.txt as documented here. Something like this:


Now I want to do this on Streamlit Cloud.


I need to supply my GitHub access token as a secret at build time. It seems that secrets are currently only passed to the app at run time. If I specify GITHUB_TOKEN in the secret settings for an app, I see that it is available once the app is up and running. But I need it while the app is being built, in order to fetch the private dependency.


Is there any way to set secrets at build time? Or is this feature likely to be implemented in a future version?


This is a different concept than the secrets in settings. Your requirements.txt should work as is in streamlit cloud.

@Goyo thanks for the clarification.

So I guess my slightly reformulated question is: Is there any other way of pulling in a private repository as a dependency?

Oh, I misread. One straightforward way is not making it part of the build but instead making your startup code install it the import fails. Like people usually do in google colab notebooks.

1 Like

Thanks! That is a good workaround. Will do that.