@Marvin Can you explain how I should securely declare blocks in Prefect 3? If I'm supposed to instantiate them in a python script, I shouldn't check them into my git repo, right? If that's true, how do I ensure they are stored on prefect server? Is the expectation that I run an uncommitted python script before I push deployments to a server?

When working with Prefect 3.x to declare and manage blocks securely, here's the process you should follow: 1. Declaring Blocks: Blocks in Prefect are typically defined in Python scripts. These blocks can be instantiated and then saved, which means they can store any configurations, secrets, or state needed for your flows. For example, when creating blocks like

AWSCredentials

, Prefect encourages using

SecretStr

from Pydantic to ensure that sensitive information is encrypted before being stored. This helps in keeping secret values secure if they appear in the UI or logs. You can look at Prefect's guide for more on developing blocks. 2. Storing Blocks: Once blocks are defined and saved in your script, they're stored securely on the Prefect server or Prefect Cloud. Prefect provides built-in functionality to save and load blocks using the

Block.save()

and

Block.load()

methods, respectively. This avoids the need to check these scripts with sensitive information into your version control system. 3. Running Scripts: While it's not ideal to commit scripts that contain secrets to a Git repository, you should indeed run them on your environment where Prefect is configured to ensure blocks are saved to your Prefect server. This can be part of your deployment process. You might maintain a separate configuration script that you run independently from your application code. Here's an example of using a Prefect block:

python
from prefect.blocks.core import Block
from pydantic import SecretStr

class AWSCredentials(Block):
    aws_access_key_id: str
    aws_secret_access_key: SecretStr

# Create an instance of the block and save it to Prefect server
my_credentials = AWSCredentials(
    aws_access_key_id="your-access-key-id",
    aws_secret_access_key=SecretStr("your-secret-access-key")
)
my_credentials.save("my-aws-credentials")

This block's data will be encrypted and stored in Prefect, ensuring your credentials remain secure. For any specific issues or to look for updates on potential bugs or enhancements, you can check the Prefect GitHub issues page or the Prefect discussions for more detailed advice from the Prefect community. You can find more information about secure block management in Prefect 3.x documentation. If you have more questions or need further clarifications, feel free to ask!