- Understand how each training surface handles your data.
- Choose the surface that fits your data-privacy requirements.
- Know exactly what is retained, what is not, and how to delete it.
Choosing a training surface
Fireworks offers three ways to train, differing mainly in where your training data lives:Data retention by surface
When training runs on Fireworks-managed storage, training data is stored in Google Cloud Storage (GCS) with only a reference link retained in our database. Customers control deletion of their own datasets.Managed Training
Retention behavior depends on the job type:Training API
The Training API works differently: you write the training loop in your own environment, load and tokenize data locally, and send tokenizedDatum batches to Fireworks GPUs on each forward_backward call. What this means for your data:
- No dataset upload step and no dataset file stored on Fireworks’ side. Fireworks never receives your raw JSONL, and for RL or distillation the trainer never sees raw prompt text.
- The trainer does receive the training content — as tokenized
Datumbatches on everyforward_backwardcall. Those tokens are your data; they are processed transiently for the gradient step and are not retained as a dataset.
- Checkpoints — retained for 30 days (deletable earlier on request) so you can restart jobs without losing work.
- Traces / logs — retained for 30 days (deletable earlier on request) so you can evaluate job performance and improve your training.
Encryption at rest (CMEK)
If you use Managed Training but want to control encryption of the data Fireworks stores, Customer-Managed Encryption Keys (CMEK) let you bring an encryption key from your own cloud KMS. Fireworks uses your key to encrypt the artifacts your jobs read and write, and every use of the key is recorded in your own cloud’s audit log. Because Fireworks can only decrypt your data while your KMS answers an unwrap request, you stay in control: disable or revoke the key and Fireworks can no longer read your datasets or checkpoints. CMEK covers the durable artifacts a Managed Training job reads and writes:- Training and evaluation datasets you upload
- Intermediate checkpoints and distributed-checkpoint shards
CMEK currently supports AWS KMS and Supervised Fine-Tuning (SFT). Support for Azure Key Vault, Google Cloud KMS, DPO, and RFT is coming soon. CMEK protects data at rest — during an active job, training compute processes your data in plaintext in memory.
Dataset Storage (BYOB)
Bring Your Own Bucket (BYOB) is the recommended configuration for Managed Training under strict data-governance requirements. Your dataset stays in your own cloud storage: Fireworks reads it in-place during active training only, with no copy persisted on Fireworks-managed storage, and you retain full ownership and deletion authority. This applies to both Supervised Fine-Tuning (SFT) and Reinforcement Fine-Tuning (RFT) jobs. BYOB works with all three major cloud providers — bring a bucket from whichever you already use:GCS Bucket Integration
Use external Google Cloud Storage (GCS) buckets for fine-tuning while keeping your data private. Fireworks creates proxy datasets that reference your external buckets—data is only accessed during fine-tuning within a secure, isolated cluster.Your data never leaves your GCS bucket except during fine-tuning, ensuring maximum privacy and security.
Required Permissions
You need to grant access to three service accounts. Fireworks provides the control plane and inference service account emails during BYOB onboarding. Fireworks Control Plane- Account: Fireworks control plane service account (provided at onboarding)
- Required role: Custom role with
storage.buckets.getIamPolicypermission
- Account: Fireworks inference service account (provided at onboarding)
- Required role: Storage Object Viewer (
roles/storage.objectViewer)
- Account: Your company’s Fireworks account email (get it with
firectl account get) - Required role: Storage Object Viewer (
roles/storage.objectViewer)
Usage
AWS S3 Bucket Integration
Use external AWS S3 buckets for fine-tuning while keeping your data private. Fireworks accesses your S3 data using GCP-to-AWS OIDC federation—no long-lived credentials are stored.S3 bucket integration is currently supported for training datasets only (SFT and RFT jobs). Evaluation datasets are not yet supported.
IAM Role Setup
Create an IAM role with a trust policy that allows Fireworks to assume it via web identity federation. Fireworks provides the OIDC audience value during BYOB onboarding.- Federated Principal:
accounts.google.com - Action:
sts:AssumeRoleWithWebIdentity - Condition:
accounts.google.com:audequals<FIREWORKS_GCP_OIDC_AUDIENCE>
s3:GetObject and s3:ListBucket on your bucket.
Contact inquiries@fireworks.ai if you need the exact audience value.
See the AWS documentation for detailed steps on creating roles for OIDC federation.
Usage
For RFT jobs, use
firectl rftj create with the same --aws-iam-role flag.Alternative: Credentials Secret
Instead of IAM role federation, you can use static AWS access keys stored in a Fireworks secret:Azure Blob Storage Integration
Use external Azure Blob Storage containers for fine-tuning while keeping your data private. Fireworks accesses your Azure data using GCP-to-Azure Workload Identity Federation—no long-lived credentials are stored.Azure Blob Storage integration is currently supported for training datasets only (SFT and RFT jobs). Evaluation datasets are not yet supported.
Federated Identity Setup
Create an App Registration (or user-assigned Managed Identity) in your Azure AD tenant with a federated credential that trusts the Fireworks GCP service account. Fireworks provides the subject identifier during BYOB onboarding.- Issuer:
https://accounts.google.com - Subject identifier:
<FIREWORKS_GCP_SERVICE_ACCOUNT_UNIQUE_ID> - Audience:
api://AzureADTokenExchange
Usage
For RFT jobs, use
firectl rftj create with the same --azure-managed-identity-client-id and --azure-tenant-id flags.Alternative: Credentials Secret
Instead of workload identity federation, you can store Azure credentials in a Fireworks secret. The secret value must be a JSON object containing one of:connection_string, sas_token, or account_key.
Secure Reinforcement Fine-Tuning (RFT)
Use reinforcement fine-tuning while keeping sensitive components and data under your control. Follow these steps to run secure RFT end to end using your own storage and reward pipeline.1
Configure storage (BYOB)
Set up your dataset storage using GCS, AWS S3, or Azure Blob Storage as described above.For models, you can optionally use External AWS S3 Bucket Integration.
2
Prepare your reward pipeline and rollouts
Keep your reward functions, rollout servers, and training metrics under your control. Generate rewards from your environment and write them to examples in your dataset (or export a dataset that contains per-example rewards).
- Reward functions and reward models remain proprietary and never need to be shared
- Rollouts and evaluation infrastructure run in your environment
- Model checkpoints can be registered to your storage registry if desired
3
Create a dataset that includes rewards
Create or point a
Dataset at your BYOB storage. Ensure each example contains the information required by your reward pipeline (for example, prompts, outputs/trajectories, and numeric rewards).You can reuse existing supervised data by attaching reward signals produced by your pipeline, or export a fresh dataset into your bucket for consumption by RFT.
4
Run reinforcement fine-tuning step from Python
Use the Python SDK to create a reinforcement fine-tuning step that reads from your BYOB dataset and produces a new checkpoint.See the Create Reinforcement Fine-tuning Step API reference for full parameters and options.
When continuing from a LoRA checkpoint, training parameters such as
lora_rank, learning_rate, max_context_length, and batch_size_samples must match the original LoRA training.5
Verify outputs and enforce controls
- Validate the new checkpoint functions as expected in your environment
- If exporting models to your storage, apply your registry policies and access reviews
- Review audit logs and rotate any temporary credentials used for the run
You now have an end-to-end secure RFT workflow with BYOB datasets, proprietary reward pipelines, and isolated training jobs that generate new checkpoints.
Inference
Inference at Fireworks follows Zero Data Retention by default: prompts and generations exist only in volatile memory for the duration of the request and are never written to persistent storage or used to train any model. For full details, including the Response API storage exception and how to opt out, see the Zero Data Retention policy.Customer controls
The following controls are available for training workloads:
For inference-side controls — disabling Response API storage (
store=False) or deleting a specific response — see the Zero Data Retention policy.
Related Resources
Zero Data Retention
How Fireworks handles inference data by default
Customer-Managed Encryption Keys (CMEK)
Encrypt managed fine-tuning data with your own KMS key
Data Security Overview
Learn about our comprehensive security measures
Reinforcement Fine Tuning
Full guide to reinforcement fine-tuning
Training API
Custom training loops that keep your data on your side