extremely basic question, but i'm trying to get set up with prefect and am trying to figure out how to set up my secret auth keys to use boto3. In the Secrets documentation page it says to add

export PREFECT__CONTEXT__SECRETS__AWS_CREDENTIALS='{"ACCESS_KEY": "abcdef", "SECRET_ACCESS_KEY": "ghijklmn"}'

to the secrets context--could I do this in the prefect config toml file? That's where I was storing my other secret keys using prefect.config.api.XXX. This probably isn't the 'best' way to do this in production, but I'm used to using dotenv and os to just use a .env to pass in secret values.

Hi @Harry Baker - you can do that for sure:

# ~/.prefect/config.toml
[context.secrets]
AWS_CREDENTIALS='{"ACCESS_KEY": "abcdef", "SECRET_ACCESS_KEY": "ghijklmn"}'

yeah the docs indicate that the boto3 creds should be passed directly. i'm assuming its doing something under the hood to mirror how boto3 can auto detect your AWS config values

And as for the export question - you'll need to export the variable so that child processes can use it, otherwise you'll be defining it only for the current shell

there's probably a more streamlined approach but I was able to get it working with s3_client = boto3.client('s3', aws_access_key_id=prefect.config.api.s3_access, aws_secret_access_key=prefect.config.api.s3_secret)

Hm I suppose that works! You should be able to use the context.secrets namespace of the config for that but it's probably about the same anyway if you're running this locally