https://prefect.io logo
Join Slack
Powered by
Hi! Where do you store secrets such as database-co...
# prefect-cloud
s
Hi! Where do you store secrets such as database-connections trings that's usually stored in an .env-file? I don't want to add them in cleartext when setting up a pool or a Process.
r
prefect has secret blocks else depends on the infra you are running on, k8s/aws secret manager etc etc
m
You can take a look at this: https://docs.prefect.io/2.11.3/concepts/blocks/ it might help
s
Thanks! But I get this error?
m
not sure what to do, have not used secrets in the code, only as a part of the prefect.yaml file
s
OK thanks anyway. How do you do it in the yaml-file? I'm assuming you don't store passwords there?
m
it depends on the secret, I suggest reading the deployment section of the docs
s
It's not really making it any clearer 😞 I see an example of pulling a secret when git cloning (which've used), but for setting variables for the flow itself - I don't see anything.
r
did you create a secret block called t when you ran the code above?
s
Yeah, I got that working despite the error in PyCharm.
So I can do it like that, but I'm wondering if I can also specify the env-variables in the prefect.yaml deployment file and link to the secret there, so that it's available at the flows runtime.
I may have found it.
r
cool, we use k8s secrets that are injected using env vars
upvote 1
s
Mind showing me how it looks like?
r
in terms of the job template it does this, which asically pulls in all the secrets from the prefect-flow-secrets group in k8s
Copy code
customizations:
  - op: add
    path: /spec/template/spec/containers/0/envFrom/-
    value:
      secretRef:
        name: prefect-flow-secrets
so it turns all of the secrets in that group into environment variables for the container
c
I’ve done this as well with managed identity for both ACI and AKS (retrieving from azure keyvault), but presumably doable with secrets manager for GCP and AWS as well
Open in Slack
PreviousNext
Powered by