Is there currently a block capable of configuring access to Prefect Community #ask-community

Join Slack

Is there currently a block capable of configuring ...

# ask-community

Daniel Lomartra

06/21/2023, 5:13 PM

Is there currently a block capable of configuring access to an Azure Keyvault from within K8s job infrastructure ?

✅ 1

Christopher Boyd

06/21/2023, 5:17 PM

Not as a block, but you can do this using managed identity and code

Christopher Boyd

06/21/2023, 5:18 PM

what are you looking to do specifically?

Daniel Lomartra

06/21/2023, 5:49 PM

I need my flows to be able to access the kayvault to retrieve various credentials for external APIs like fivetran and power bi

Christopher Boyd

06/21/2023, 5:51 PM

Unfortunately, there is not a tie-in block yet for vaults (keyvault / hashicorp / secrets manager) , but you can use the native code to do this in-flow like:

Copy code

from azure.identity import DefaultAzureCredential, ManagedIdentityCredential
from azure.keyvault.secrets import SecretClient

# Set up the default credential, which uses the managed identity of the Azure resource (ACI, VM, etc.)
credential = DefaultAzureCredential(exclude_shared_token_cache_credential=True)

# Create a secret client using the default credential and the URL to the Key Vault
secret_client = SecretClient(vault_url="<https://mykeyvault.vault.azure.net>", credential=credential)

# Retrieve the secret
secret_name = "mysecret"
retrieved_secret = secret_client.get_secret(secret_name)

Christopher Boyd

06/21/2023, 5:51 PM

I’ve used this with managed identity for things like cloning code from a private repository, or blob storage connection strings

Christopher Boyd

06/21/2023, 5:51 PM

within a prefect flow

Christopher Boyd

06/21/2023, 5:53 PM

There is a goal to integrate 3rd party secret storage, but unfortunately I don’t have a timeline of when that might be complete

Daniel Lomartra

06/21/2023, 5:57 PM

Got it. Thank you.

6 Views

Open in Slack

Previous Next