Hello all, we are using a .env file for secret man...
# ask-communitym
Matthew Blau
04/13/2021, 6:47 PMHello all, we are using a .env file for secret management with prefect instead of the config.toml and are running into issues with injecting updated .env values at runtime with LocalRun(env=env_dict). The only way that the flow picks up the new .env contents is upon registration of the flow, which is not ideal as we need the .env file to be written to during runtime and the new values read from the same file. Any pointers on how to have Prefect pick up the new values? The flow creates a container and injects env values into it with
Copy code
enviornment=env_vars Copy code
flow.run_config = DockerRun(env={f"PREFECT__CONTEXT__SECRETS__{k}": v for k, v in config.context.secrets.items()})z
Zanie
04/14/2021, 12:21 AM
Hey @Matthew Blau -- sorry about the delay, it's been a busy day for me.
I'm not sure there's a straight-forward way to load the environment at runtime like this. We could consider making a change such that the
envZanie
04/14/2021, 12:22 AM
If you're writing secrets to the .env file during flow execution and need the same flow to load those secrets back in, I think you'd be best off implementing your own Secret subclass to do that.
m
Matthew Blau
04/14/2021, 12:36 AMHey @Zanie I understand how those days go! Talking internally we have decided that we need a better way overall of managing secrets and have turned to look at Hashicorp Vault as a solution, which a cursory glance indicates that this should solve our specific use case
d
davzucky
04/14/2021, 12:46 AMI don't know if that help. I added recently a kubernetessecret task https://docs.prefect.io/api/latest/tasks/kubernetes.html#replacenamespacedservice that allow to retrieve on kuberbetes the secret at run time when you run your own perfect server instance. This could work at well with vault which can generate kuberbetes server object
👀 1
11 Views