Merge pull request #106855 from nibaccam/secrets-maintenance

Jak-MS · web-flow · commit 65f455e7183c · 2020-03-09T09:48:25.000-06:00
Secrets| Freshness update
diff --git a/articles/machine-learning/how-to-use-secrets-in-runs.md b/articles/machine-learning/how-to-use-secrets-in-runs.md
@@ -9,32 +9,33 @@ ms.reviewer: larryfr
 ms.service: machine-learning
 ms.subservice: core
 ms.topic: conceptual
-ms.date: 11/08/2019
-ms.custom: seodec18
+ms.date: 03/09/2020
 
 ---
 
 # Use secrets in training runs
 [!INCLUDE [applies-to-skus](../../includes/aml-applies-to-basic-enterprise-sku.md)]
 
-In this article, you learn how to use secrets in training runs securely. For example, to connect to an external database to query training data, you would need to pass your username and password to the remote run context. Coding such values into training scripts in cleartext is insecure as it would expose the secret. 
+In this article, you learn how to use secrets in training runs securely. Authentication information such as your user name and password are secrets. For example, if you connect to an external database in order to query training data, you would need to pass your username and password to the remote run context. Coding such values into training scripts in cleartext is insecure as it would expose the secret. 
 
-Instead, your Azure Machine Learning Workspace has [Azure Key Vault](https://docs.microsoft.com/azure/key-vault/key-vault-overview) as associated resource. This Key Vault can be used for passing secrets to remote runs securely through a set of APIs in Azure Machine Learning Python SDK.
+Instead, your Azure Machine Learning workspace has an associated resource called a [Azure Key Vault](https://docs.microsoft.com/azure/key-vault/key-vault-overview). Use this Key Vault to pass secrets to remote runs securely through a set of APIs in the Azure Machine Learning Python SDK.
 
 The basic flow for using secrets is:
- 1. On local computer, log in to Azure and connect to your Workspace.
+ 1. On local computer, log in to Azure and connect to your workspace.
  2. On local computer, set a secret in Workspace Key Vault.
  3. Submit a remote run.
- 4. Within the remote run, get the secret from Key Value and use it.
+ 4. Within the remote run, get the secret from Key Vault and use it.
 
 ## Set secrets
 
-In the Azure Machine Learning Python SDK, the [Keyvault](https://docs.microsoft.com/python/api/azureml-core/azureml.core.keyvault.keyvault?view=azure-ml-py) class contains methods for setting secrets. In your local Python session, first obtain a reference to Workspace Key Vault, and then use [set_secret](https://docs.microsoft.com/python/api/azureml-core/azureml.core.keyvault.keyvault?view=azure-ml-py#set-secret-name--value-) method to set a secret by name and value.
+In the Azure Machine Learning, the [Keyvault](https://docs.microsoft.com/python/api/azureml-core/azureml.core.keyvault.keyvault?view=azure-ml-py) class contains methods for setting secrets. In your local Python session, first obtain a reference to your workspace Key Vault, and then use the [`set_secret()`](https://docs.microsoft.com/python/api/azureml-core/azureml.core.keyvault.keyvault?view=azure-ml-py#set-secret-name--value-) method to set a secret by name and value. The __set_secret__ method updates the secret value if the name already exists.
 
 ```python
 from azureml.core import Workspace
+from azureml.core import Keyvault
 import os
 
+
 ws = Workspace.from_config()
 my_secret = os.environ.get("MY_SECRET")
 keyvault = ws.get_default_keyvault()
@@ -43,25 +44,25 @@ keyvault.set_secret(name="mysecret", value = my_secret)
 
 Do not put the secret value in your Python code as it is insecure to store it in file as cleartext. Instead, obtain the secret value from an environment variable, for example Azure DevOps build secret, or from interactive user input.
 
-You can list secret names using the [list_secrets](https://docs.microsoft.com/python/api/azureml-core/azureml.core.keyvault.keyvault?view=azure-ml-py#list-secrets--) method. The __set_secret__ method updates the secret value if the name already exists.
+You can list secret names using the [`list_secrets()`](https://docs.microsoft.com/python/api/azureml-core/azureml.core.keyvault.keyvault?view=azure-ml-py#list-secrets--) method and there is also a batch version,[set_secrets()](https://docs.microsoft.com/python/api/azureml-core/azureml.core.keyvault.keyvault?view=azure-ml-py#set-secrets-secrets-batch-) that allows you to set multiple secrets at a time.
 
 ## Get secrets
 
-In your local code, you can use the[Keyvault.get_secret](https://docs.microsoft.com/python/api/azureml-core/azureml.core.keyvault.keyvault?view=azure-ml-py#get-secret-name-) method to get the secret value by name.
+In your local code, you can use the[`get_secret()`](https://docs.microsoft.com/python/api/azureml-core/azureml.core.keyvault.keyvault?view=azure-ml-py#get-secret-name-) method to get the secret value by name.
 
-In runs submitted using  [Experiment.submit](https://docs.microsoft.com/python/api/azureml-core/azureml.core.experiment.experiment?view=azure-ml-py#submit-config--tags-none----kwargs-), use the [Run.get_secret](https://docs.microsoft.com/python/api/azureml-core/azureml.core.run.run?view=azure-ml-py#get-secret-name-) method. Because a submitted run is aware of its Workspace, this method shortcuts the Workspace instantiation and returns the secret value directly.
+For runs submitted the [`Experiment.submit`](https://docs.microsoft.com/python/api/azureml-core/azureml.core.experiment.experiment?view=azure-ml-py#submit-config--tags-none----kwargs-)  , use the [`get_secret()`](https://docs.microsoft.com/python/api/azureml-core/azureml.core.run.run?view=azure-ml-py#get-secret-name-) method with the [`Run`](https://docs.microsoft.com/python/api/azureml-core/azureml.core.run(class)?view=azure-ml-py) class. Because a submitted run is aware of its workspace, this method shortcuts the Workspace instantiation and returns the secret value directly.
 
 ```python
 # Code in submitted run
-from azureml.core import Run
+from azureml.core import Experiment, Run
 
 run = Run.get_context()
 secret_value = run.get_secret(name="mysecret")
 ```
 
 Be careful not to expose the secret value by writing or printing it out.
 
-The set and get methods also have batch versions [set_secrets](https://docs.microsoft.com/python/api/azureml-core/azureml.core.keyvault.keyvault?view=azure-ml-py#set-secrets-secrets-batch-) and [get_secrets](https://docs.microsoft.com/python/api/azureml-core/azureml.core.run.run?view=azure-ml-py#get-secrets-secrets-) for accessing multiple secrets at once.
+There is also a batch version, [get_secrets()](https://docs.microsoft.com/python/api/azureml-core/azureml.core.run.run?view=azure-ml-py#get-secrets-secrets-) for accessing multiple secrets at once.
 
 ## Next steps
 
