# Return to the knowledge base

Category

Knowledge Base, Netpicker, Network automation, Security

Using Secret Variables in Netpicker Jobs

Overview

Use the Secret type for sensitive job parameters (passwords, tokens, community strings). It renders as a masked input field in the UI and prevents accidental exposure in logs.

Import

from comfy import job, Secret

How It Works

Declare a parameter as Secret instead of str. Netpicker handles the rest — the field is masked in the UI and the value is passed securely into your job. You can mix Secret and regular str parameters freely:

from comfy import job, Secret

@job(platform=['cisco_ios'])
def create_user(device, username: str, password: Secret):
    device.cli.send_config_set([
        f"username {username} privilege 15 secret {password}"
    ])
    return f"User {username} created"

In the UI, username renders as a normal text field and password as a masked input.

Tip: Accessing the Raw String Value

In most jobs you can pass the Secret object directly and Netpicker handles it. If you ever need the raw string — for example, to build a custom payload or pass it to an external API — call .get_value():

real_value = password.get_value()  # returns a plain str
print(real_value)                  # 1234

Note that printing the Secret object directly (without .get_value()) outputs ********, not the real value.

Would you like a hands-on session?

A couple times a week our in-house trainer is available for a private or group session. In this session we can cover our Slurp’it or Mock’it solution but also integrations with Netpicker, NetBox, Nautobot & Infrahub.

Book a workshop
Yes, keep me informed

Connect with us on LinkedIn to stay updated on the latest happenings, news, and exciting developments at Slurp’it. Just click the button below to follow us and be a part of our professional network.

Newsletter