Hi,
how are you exposing secrets (like API keys) to DCCs, so that artists can access them for their work (artists don’t need to see the value, but the tool they are using needs to access it)?
One way would be to store them as env vars on a project/tool level and then refer to it from the tool which needs the API key. This relies on trusting artists that they won’t publish all of their env vars somewhere - which is fine in some cases.
I had a look at the secrets tab in studio settings, but haven’t found a way of refering that in environments. I suspect that this is inteded for the backend only and not hosts (DCCs).
So I’m thinking if you are storing such secrets as ayon-configured env vars, or you have some more appropriate mechanisms for that.
As you have outlined, any secrets are added to AYON Secrets Tab which is mainly used on the AYON Server web app.
In your DCC, you can retrieve these secrets via AYON Python API. AYON Server will only respond with the values if the user has the proper permissions. e.g. if a user can see the contents of secrets tab, the secrets api call will work for them.
Alternatively, since your goal is setting some environment variables for DCCs, then you may consider achieving it by setting environment variables in application or core addon as outlined in the following guide.