What is the purpose of `PREFECT__CLOUD__AUTH_TOKEN` if the `prefect auth login` requires a token to ...

Hawkar Mahmod

04/22/2021, 10:59 AM

What is the purpose of

PREFECT__CLOUD__AUTH_TOKEN

if the

prefect auth login

requires a token to authenticate? Are these incompatible options. I am trying to authenticate with Cloud backend during a CI deployment and have set the env var for the auth token, but my flow fails to register.

Tyler Wanner

04/22/2021, 1:33 PM

Hi Hawkar, you shouldn’t need to login if you have that var set. login gets a token and sets it in your prefect config.toml—the env var takes precedence over the value in that file

👍 2

Tyler Wanner

04/22/2021, 1:36 PM

The best practice is to create a Service Account under Team and then create an API Token for it and use that for the env var

Hawkar Mahmod

04/23/2021, 9:19 AM

Thank you @Tyler Wanner. May I ask, why is this best practice. How does it differ from use of an API key created by a user?

Tyler Wanner

04/23/2021, 1:40 PM

Not only will the serviceaccount token will be scoped properly to the tenant, but also if an API Key is an "identity" you just don't want to have machines out there in the world impersonating your identity. It's generally better to give the machine its own identity via a serviceaccount. It makes it easier to manage permissions maintainably, and for sharing purposes

👍 1

Open in Slack

Previous Next

Prefect Community

Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.