Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

What is the purpose of `PREFECT__CLOUD__AUTH_TOKEN` if the `prefect auth login` requires a token to authenticate? Are these incompatible options. I am trying to authenticate with Cloud backend during a CI deployment and have set the env var for the auth token, but my flow fails to register.

Hi Hawkar, you shouldn’t need to login if you have that var set. login gets a token and sets it in your prefect config.toml—the env var takes precedence over the value in that file

The best practice is to create a Service Account under Team and then create an API Token for it and use that for the env var

Thank you <@UL1CF4QLC>. May I ask, why is this best practice. How does it differ from use of an API key created by a user?

Not only will the serviceaccount token will be scoped properly to the tenant, but also if an API Key is an "identity" you just don't want to have machines out there in the world impersonating your identity.  It's generally better to give the machine its own identity via a serviceaccount.  It makes it easier to manage permissions maintainably, and for sharing purposes