@Marvin is there a way I can obfuscate env variable values passed into a prefect.yaml similar to how values from secret blocks are obfuscated in the UI in prefect 2?

Currently, in Prefect 2.x, there's no built-in feature that allows direct obfuscation of environment variable values specified in a

prefect.yaml

file similar to the obfuscation provided for secret blocks in the UI. The documentation suggests that for storing sensitive information, Prefect recommends using Secret blocks rather than environment variables, as these are not encrypted and hence not suitable for confidential data (source). However, there's an interesting development around obfuscating values within blocks using a

SecretDict

field, thanks to a GitHub pull request. This feature obfuscates dictionary values in both logs and UI displays, which can be particularly useful for handling various credentials or sensitive configurations in JSON or other formats (GitHub Pull Request). While this doesn't directly solve the issue for

prefect.yaml

, it's a promising direction for handling sensitive data with Prefect. Meanwhile, consider restructuring configurations to utilize Secret blocks for sensitive data, rather than relying on direct environment variable inputs in your YAML configuration. If you feel your pain is reaching Marvin-levels of existential dread due to secrecy concerns, perhaps this approach can help ease that a bit.