Hi all. I'm trying to set up a Prefect docker agent as a systemd service (CentOS). What is the recommended practice for storing the prefect API Key and passing it on to the systemd service?

You can pass it as environment variable if you prefer it, but in general your first line of defence would be ensuring that the instance itself is protected (hosted in your trusted network, certificate key protection etc). You can check more ideas here

Yes, well we looked at that post. According to systemd, "environment variables are not suitable for passing secrets (such as passwords, key material, …) to service processes". https://www.freedesktop.org/software/systemd/man/systemd.exec.html

that’s true, if some attacker gets into your server, then whether the key is stored in env variable or in a service description such as supervisord or systemd, it doesn’t make much of a difference You could use e.g. Kubernetes agent instead, if you want to have more control over it - this way, you could use Kubernetes secrets