Overview
This guide shows you how to verify that a secret rotated in your cloud provider is picked up on the very next automation kickoff — no re-deploy, no worker restart. It’s only relevant when you’ve configured a Workload Identity-backed credential (AWS, GCP, Azure). Static-credential deployments require a re-deploy after rotation; nothing to verify here. The recipe below uses a tiny, self-contained crew with one tool, one agent, one task. The crew prompt never references the secret value — instead, a tool reads it fromos.environ and reports a SHA-256 fingerprint of what it sees. Rotate the secret in your cloud provider, kickoff again, and the fingerprint changes.
Why a fingerprint, not the raw value? Putting raw secrets into LLM output and trace logs is a leak vector. The fingerprint is enough to confirm “the value changed” without writing the actual value anywhere observable.
Prerequisites
Before running this verification:- A WI-backed Secret Provider Credential is configured (AWS, GCP, Azure).
- An environment variable on your deployment with
Secret = true, keyAPI_KEY(or whatever name you prefer — adjust the tool below to match), referencing a secret in your cloud provider. - A way to update the secret value in your cloud provider (CLI access or the cloud console).
- A way to kickoff the deployment via HTTP (curl, Postman, or the Run tab in CrewAI Platform).
Step 1 — Scaffold a Verification Crew
Create a classic crew project because this example wires a Python tool throughcrew.py:
Step 2 — Add the Credential Echo Tool
Replacesrc/rotation_verifier/tools/custom_tool.py with a tool that reads the secret-backed env var and returns a fingerprint:
src/rotation_verifier/tools/credential_echo_tool.py
Step 3 — Replace the Default Agent and Task Configs
The crew has one agent and one task — both with descriptions that never mention the secret value, so task keys stay stable across rotations.src/rotation_verifier/config/agents.yaml
src/rotation_verifier/config/tasks.yaml
Step 4 — Wire the Crew Class
src/rotation_verifier/crew.py
Step 5 — Deploy and Configure the Secret Env Var
Deploy this crew to CrewAI Platform exactly as you would any other crew. Then on the deployment’s Environment Variables page:- Key:
API_KEY(must matchENV_VAR_NAMEin the tool) - Value Source: the WI-backed credential you set up in AWS WI or GCP WI
- Secret Name: the name of the secret in your cloud provider’s Secret Manager
Step 6 — Run the First Kickoff
Replace<DEPLOYMENT_AUTH_TOKEN> and <DEPLOYMENT_HOST> with values from your deployment’s Run tab.
Step 7 — Rotate the Secret in Your Cloud Provider
- AWS
- GCP
- Azure
Step 8 — Run a Second Kickoff and Compare
What This Verifies — and What It Doesn’t
Verifies:- WI OIDC token minting from CrewAI Platform works.
- Cloud-side trust (IAM OIDC provider for AWS, Workload Identity Pool for GCP, Federated Identity Credential for Azure) accepts the token.
- The cloud-side identity (IAM Role / GCP service account / Entra App Registration) has access to read the secret.
- The secret value reaches
os.environof the worker process at kickoff time. - Subsequent rotations propagate to the next kickoff.
- That your real production crews handle the rotation gracefully — e.g., long-running tasks that read the env var once at startup will keep using the old value until the task ends. Plan accordingly: read secrets at the point of use, not at module import.
Why Not Reference the Secret Directly in the Prompt?
A simpler-looking demo would put the secret value directly into a task description (e.g., “Research about{api_key}”) and inspect the prompt. Don’t do that. Two reasons:
- It leaks the secret into LLM call traces and provider-side logs. Anyone with trace access can read it.
- It changes the task’s description at every kickoff. CrewAI Platform identifies tasks by an MD5 hash of the description; a rotating value means the hash changes per kickoff, which breaks the deploy-time → runtime task mapping. Symptom: the task records show as
pending_runindefinitely, or only some of a multi-task crew’s tasks register.
Next Steps
- Back to the Secrets Manager overview
- Once verified, drop the verification crew. Real crews should follow the same pattern: secrets accessed via
os.environinside a tool, never substituted into prompts.
