Skip to main content
Version: v0.67.0

Change passphrase

This page describes how to protect deployments by managing their passphrases using the H2O MLOps Python client.

  1. Connect to H2O MLOps.
import h2o_mlops
import time


mlops = h2o_mlops.Client()
  1. Retrieve a deployment and view its security options.
project = mlops.projects.list()[0]
environment = project.environments.list()[0]
deployment = environment.deployments.list()[0]

print(deployment.security_options)

Output:

passphrase: h2oai
hashed_passphrase: False
  1. Update the passphrase for a deployment. Note that the same method can be used to add passphrase protection to an unprotected deployment.
deployment.update_security_options(
passphrase="new"
)

print(deployment.security_options)

Output:

passphrase: new
hashed_passphrase: False
  1. Confirm that the passphrase update is complete by checking if the deployment is "healthy".
while not deployment.is_healthy():
deployment.raise_for_failure()
time.sleep(5)
  1. For demonstration purposes, try connecting to one of the deployment endpoints using the get_capabilities method. This returns an HTTP error because the deployment passphrase has been changed.
try:
deployment.get_capabilities(passphrase="h2oai")
except Exception as e:
print(e)

Output:

Client error '401 Unauthorized' for url 'https://model.internal.dedicated.h2o.ai/>c3bad4d6-265a-4bf7-95ec-81c714d62339/model/capabilities'
For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401
  1. When using the updated passphrase, the get_capabilities method returns successfully.
deployment.get_capabilities(passphrase="new")

Output:

['SCORE_PREDICTION_INTERVAL', 'SCORE']
  1. Note that once a deployment is protected, the requirement for a passphrase cannot be changed.
deployment.update_security_options(
passphrase=None
)

Output:

---------------------------------------------------------------------------
RuntimeError Traceback (most recent call last)
Cell In[7], line 1
----> 1 deployment.update_security_options(
2 passphrase=None
3 )

File ~/miniconda3/envs/h2o/lib/python3.9/site-packages/h2o_mlops/_deployments.py:319, in >MLOpsScoringDeployment.update_security_options(self, passphrase, hashed_passphrase)
317 raw_info = self._get_raw_info()
318 if not passphrase and raw_info.security.passphrase.hash:
--> 319 raise RuntimeError("Cannot remove passphrase protection from a deployment.")
320 raw_info.security.passphrase.hash = passphrase
321 if hashed_passphrase:

RuntimeError: Cannot remove passphrase protection from a deployment.

Feedback