Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Does anyone have an example of how to use KubernetesSecret? We are using Bitbucket for storage, and the password is stored in Kubernetes as “bb-flows-pull”. Everything works if we hardcode the secret into the script but this isn’t an option for us. I’m a complete beginner on this so apologies if this is something simple.

This is what I have tried
```import prefect
from prefect import task, Flow
from prefect.storage import Bitbucket
from prefect.run_configs import KubernetesRun
from prefect.tasks.kubernetes.secrets import KubernetesSecret

@task
def say_hello():
  logger = prefect.context.get("logger")
  <http://logger.info|logger.info>("Hello, Cloud!")

with Flow("hello-flow") as flow:
  say_hello()

flow.run_config = KubernetesRun(
  env={"PREFECT__CONTEXT__SECRETS__BB_USER": "my_user",
       "PREFECT__CONTEXT__SECRETS__BB_SECRET": KubernetesSecret(secret_name="bb-flows-pull")}
  )

flow.storage = Bitbucket(
    workspace="my_company",
    project="project1",
    repo="gitops-flows",
    path="hello-flow.py",
    ref="master",
    cloud_username_secret="BB_USER",
    cloud_app_password_secret="BB_SECRET",
  )```

I haven’t used it myself but maybe <@U012J275170>, who wrote it can chime in, but I think the issue here is that you’re using the task outside the flow. Can you try `KubernetesSecret(secret_name="bb-flows-pull").run()` to actually run the task and get the secret? Seems like you need the Kubernetes API Key also?

Thanks for the prompt reply. Yep that worked! Needed to add secret_key &amp; kubernetes_api_key_secret plus the run() command.  :thumbsup:

<@U01QEJ9PP53> KubernetesSecret is a task. What adam want to do is to use the value from it to setup the flow. Can prefect support that ?
I could extract the logic of KubernetesSecret into an helper function in prefect.utilities.kubernetes. This would be cleaner, what do you think ?

Oh yeah he said it worked for him just by calling the `.run()` method :slightly_smiling_face:

<@U021HNJ3SVD> for the bitbucket secret. Why not getting the value from an env variable that come from k8s secret in your pod? This is the pattern we are using when registering flow