b

    brian

    7 months ago
    Hi all, I’m trying to use a secret in a state handler but it doesn’t seem to be working
    I’m using prefect cloud and have setup a secret
    MU_SENTRY_DSN
    Kevin Kho

    Kevin Kho

    7 months ago
    PrefectSecret won’t work but
    Secret(…).get()
    will inside a state handler. Or maybe
    PrefectSecret().run()
    b

    brian

    7 months ago
    I made some modifications to this snippet
    import prefect
    
    prefect.context.setdefault("secrets", {}) # to make sure context has a secrets attribute
    prefect.context.secrets["MY_KEY"] = "MY_VALUE"
    s/MY_KEY/MU_SENTRY_DSN/
    def _handle_flow_states(obj, old_state, new_state):
        if new_state.is_running():
            logger = prefect.context.get("logger")
            <http://logger.info|logger.info>("flow is running, initializing sentry sdk")
            # make sure context has a secrets attribute
            # see this <https://docs.prefect.io/api/latest/client/secrets.html#secret>
            prefect.context.setdefault("secrets", {})
            sentry_sdk.init(dsn=prefect.context.secrets["MU_SENTRY_DSN"])
            <http://logger.info|logger.info>("initialized sentry sdk")
        return new_state
    Kevin Kho

    Kevin Kho

    7 months ago
    This won’t work because the context is already loaded in when you import Prefect and is not mutable one it’s created.
    b

    brian

    7 months ago
    But if the secret is set, shouldn’t the
    setdefault
    call do nothing? i.e. prefect.context.secrets should already be a dict?
    Kevin Kho

    Kevin Kho

    7 months ago
    It would work if you did something like:
    import os
    os.environ["PREFECT__CONTEXT__SECRETS__MY_KEY"]
    import prefect
    b

    brian

    7 months ago
    Hmm ok. I think one thing I missed is that the code snippet is intended for setting a secret
    Kevin Kho

    Kevin Kho

    7 months ago
    So Prefect doesn’t pull in secrets that are already set automatically unless it’s included in the storage when you register like:
    flow.storage = SomeStorage(...,secrets=[])
    b

    brian

    7 months ago
    While I’m trying to get
    There are a handful of other secrets I’ve setup in prefect cloud for this flow that seem to be working But these were all passed in as inputs to tasks
    You’re saying that these secrets ^ are actually being set at register-time?
    So when I configure my GitHub storage I should do something like this?
    flow.storage = GitHub(
       repo="...",
       path="...",
       secrets=["MU_SENTRY_DSN"],
    )
    Kevin Kho

    Kevin Kho

    7 months ago
    So if you have a Flow and you do
    PrefectSecret
    like
    with Flow() as flow:
        PrefectSecret("something")
    this is pulled during runtime because it’s a task and the task has deferred execution So if you do it in a state handler, to pull it immediately:
    def mystatehandler(task, old_state, new_state):
        PrefectSecret("something").run()
        # or
        Secret("something").get()
    I am less sure PrefectSecret will work in the state handler. Secret.get() is preferred outside of the Flow
    For it to appear in context yep you can add it to the secrets like that when you register