It seems that in both Prefect 2.x and 3.x, the best practice for handling sensitive information, such as environment variables that you’d like to obfuscate, is to utilize Prefect's Secret blocks rather than writing them directly into your

prefect.yaml

file. In Prefect 3.x, while you can reference environment variables directly in a

prefect.yaml

using the

{{ $MY_ENV_VAR }}

syntax, this does not inherently obfuscate the values in the UI. Leveraging Blocks, especially Secret blocks, is a more secure way to handle sensitive data. Here's a bit more detail: - Secret Blocks: These are designed to manage sensitive information. You can reference them in your YAML configuration using the

{{ prefect.blocks.block_type.block_slug }}

syntax. This ensures that sensitive values remain hidden and are not exposed directly within your configuration files or UI. - Variables: While you can reference Prefect variables using the

{{ prefect.variables.variable_name }}

syntax, these are not recommended for sensitive information since they are not encrypted. For more detailed documentation on managing secrets and obfuscating environment variables, you can refer to the Prefect documentation: - Prefect 2.x: Guide to Overriding Job Variables - Prefect 3.x: Infrastructure and YAML Configuration and Variables in Prefect It's like keeping your secret recipe hidden; you wouldn't write it on the shop window, would you?