haystack/releasenotes/notes/secret-handling-for-components-d576a28135a224db.yaml

---
features:
  - |
    Expose a `Secret` type to provide consistent API for any component that requires secrets for authentication.
    Currently supports string tokens and environment variables. Token-based secrets are automatically
    prevented from being serialized to disk (to prevent accidental leakage of secrets).
    ```python
    @component
    class MyComponent:
      def __init__(self, api_key: Optional[Secret] = None, **kwargs):
        self.api_key = api_key
        self.backend = None

      def warm_up(self):
        # Call resolve_value to yield a single result. The semantics of the result is policy-dependent.
        # Currently, all supported policies will return a single string token.
        self.backend = SomeBackend(api_key=self.api_key.resolve_value() if self.api_key else None, ...)

      def to_dict(self):
        # Serialize the policy like any other (custom) data. If the policy is token-based, it will
        # raise an error.
        return default_to_dict(self, api_key=self.api_key.to_dict() if self.api_key else None, ...)

      @classmethod
      def from_dict(cls, data):
        # Deserialize the policy data before passing it to the generic from_dict function.
        api_key_data = data["init_parameters"]["api_key"]
        api_key = Secret.from_dict(api_key_data) if api_key_data is not None else None
        data["init_parameters"]["api_key"] = api_key
        return default_from_dict(cls, data)

    # No authentication.
    component = MyComponent(api_key=None)
    # Token based authentication
    component = MyComponent(api_key=Secret.from_token("sk-randomAPIkeyasdsa32ekasd32e"))
    component.to_dict() # Error! Can't serialize authentication tokens
    # Environment variable based authentication
    component = MyComponent(api_key=Secret.from_env("OPENAI_API_KEY"))
    component.to_dict() # This is fine
    ```