Version: v0.67.0

Change passphrase

This page describes how to protect deployments by managing their passphrases using the H2O MLOps Python client.

Connect to H2O MLOps.

import h2o_mlops
import time


mlops = h2o_mlops.Client()

Retrieve a deployment and view its security options.

project = mlops.projects.list()[0]
environment = project.environments.list()[0]
deployment = environment.deployments.list()[0]

print(deployment.security_options)

Output:

passphrase: h2oai
hashed_passphrase: False

Update the passphrase for a deployment. Note that the same method can be used to add passphrase protection to an unprotected deployment.

deployment.update_security_options(
   passphrase="new"
)

print(deployment.security_options)

Output:

passphrase: new
hashed_passphrase: False

Confirm that the passphrase update is complete by checking if the deployment is "healthy".

while not deployment.is_healthy():
   deployment.raise_for_failure()
   time.sleep(5)

For demonstration purposes, try connecting to one of the deployment endpoints using the get_capabilities method. This returns an HTTP error because the deployment passphrase has been changed.

try:
   deployment.get_capabilities(passphrase="h2oai")
except Exception as e:
   print(e)

Output:

Client error '401 Unauthorized' for url 'https://model.internal.dedicated.h2o.ai/>c3bad4d6-265a-4bf7-95ec-81c714d62339/model/capabilities'
For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401

When using the updated passphrase, the get_capabilities method returns successfully.

deployment.get_capabilities(passphrase="new")

Output:

['SCORE_PREDICTION_INTERVAL', 'SCORE']

Note that once a deployment is protected, the requirement for a passphrase cannot be changed.

deployment.update_security_options(
   passphrase=None
)

Output:

---------------------------------------------------------------------------
RuntimeError                              Traceback (most recent call last)
Cell In[7], line 1
----> 1 deployment.update_security_options(
     2     passphrase=None
     3 )

File ~/miniconda3/envs/h2o/lib/python3.9/site-packages/h2o_mlops/_deployments.py:319, in >MLOpsScoringDeployment.update_security_options(self, passphrase, hashed_passphrase)
   317 raw_info = self._get_raw_info()
   318 if not passphrase and raw_info.security.passphrase.hash:
--> 319     raise RuntimeError("Cannot remove passphrase protection from a deployment.")
   320 raw_info.security.passphrase.hash = passphrase
   321 if hashed_passphrase:

RuntimeError: Cannot remove passphrase protection from a deployment.

Feedback

Submit and view feedback for this page
Send feedback about H2O MLOps to cloud-feedback@h2o.ai