Channels
announcements
ask-marvin
best-practices-coordination-plane
data-ecosystem
data-tricks-and-tips
events
find-a-prefect-job
geo-bay-area
geo-berlin
geo-boston
geo-chicago
geo-colorado
geo-dc
geo-israel
geo-japan
geo-london
geo-nyc
geo-seattle
geo-texas
gratitude
introductions
marvin-in-the-wild
pacc-clearcover-june-12-2023
pacc-may-31-2023
ppcc-may-16-2023
prefect-ai
prefect-aws
prefect-azure
prefect-cloud
prefect-community
prefect-contributors
prefect-dbt
prefect-docker
prefect-gcp
prefect-getting-started
prefect-integrations
prefect-kubernetes
prefect-recipes
prefect-server
prefect-ui
random
show-us-what-you-got
Title
j
John
08/25/2022, 11:38 AMHi! Question about Prefect blocks, security and confidentiality. When we use, let's say S3 or Amazon blocks, it is necessary to provide access keys to the Prefect. In theory, with those keys Prefect team can secretly access our files and do with them whatever the heart desires. Is there anything other than gentlemen's agreement that can guarantee that Prefect team won't perform such shenanigans?😁
o
Oliver Mannion
08/25/2022, 12:34 PMIt’s not necessary. We use short-term credentials provided by our environment instead of storing long-term credentials in Prefect.
:upvote: 2
j
Jeff Hale
08/25/2022, 2:03 PMPrefect takes security sand privacy very seriously. Read all about it here.
Oliver’s suggestion on limiting the lifetime of credentials is also a security best practice.