Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Hi all, I’m trying to use a secret in a state handler but it doesn’t seem to be working

I’m using prefect cloud and have setup a secret `MU_SENTRY_DSN`

PrefectSecret won’t work but `Secret(…).get()` will inside a state handler. Or maybe `PrefectSecret().run()`

I made some modifications to this snippet
```import prefect

prefect.context.setdefault("secrets", {}) # to make sure context has a secrets attribute
prefect.context.secrets["MY_KEY"] = "MY_VALUE"```

```def _handle_flow_states(obj, old_state, new_state):
    if new_state.is_running():
        logger = prefect.context.get("logger")
        <http://logger.info|logger.info>("flow is running, initializing sentry sdk")
        # make sure context has a secrets attribute
        # see this <https://docs.prefect.io/api/latest/client/secrets.html#secret>
        prefect.context.setdefault("secrets", {})
        sentry_sdk.init(dsn=prefect.context.secrets["MU_SENTRY_DSN"])
        <http://logger.info|logger.info>("initialized sentry sdk")
    return new_state```

This won’t work because the context is already loaded in when you import Prefect and is not mutable one it’s created.

But if the secret is set, shouldn’t the `setdefault` call do nothing? i.e. prefect.context.secrets should already be a dict?

It would work if you did something like:
```import os
os.environ["PREFECT__CONTEXT__SECRETS__MY_KEY"]
import prefect```

Hmm ok. I think one thing I missed is that the code snippet is intended for _setting_ a secret

So Prefect doesn’t pull in secrets that are already set automatically unless it’s included in the storage when you register like:
```flow.storage = SomeStorage(...,secrets=[])```


There are a handful of other secrets I’ve setup in prefect cloud for this flow that seem to be working
But these were all passed in as inputs to tasks

You’re saying that these secrets ^ are actually being set at register-time?

So when I configure my GitHub storage I should do something like this?
```flow.storage = GitHub(
   repo="...",
   path="...",
   secrets=["MU_SENTRY_DSN"],
)```

So if you have a Flow and you do `PrefectSecret` like
```with Flow() as flow:
    PrefectSecret("something")```
this is pulled during runtime because it’s a task and the task has deferred execution

So if you do it in a state handler, to pull it immediately:
```def mystatehandler(task, old_state, new_state):
    PrefectSecret("something").run()
    # or
    Secret("something").get()```
I am less sure PrefectSecret will work in the state handler. Secret.get() is preferred outside of the Flow

For it to appear in context yep you can add it to the secrets like that when you register