Hey team is it possible to use a Deploy Key instead of a PAT Prefect Community #ask-community

Join Slack

Hey team, is it possible to use a Deploy Key inste...

# ask-community

Zach Hodowanec

04/05/2021, 9:54 PM

Hey team, is it possible to use a Deploy Key instead of a PAT for authentication when using GitHub Storage?

Dylan

04/05/2021, 10:06 PM

Hi @Zach Hodowanec, I don’t believe GitHub storage supports using Deploy Keys at the moment, but we’d welcome a contribution or an issue on the

prefect

repo!

Kyle Moon-Wright

04/05/2021, 10:16 PM

Yep, going further - Prefect’s GitHub Storage uses the PyGithub library which currently doesn’t support Deploy Keys, so a contribution there would be doubly effective.

👍 1

Zach Hodowanec

04/05/2021, 10:19 PM

Ok, thank you both for the help!

Rob Fowler

04/06/2021, 8:45 AM

it does, it is mainly the documentation is wrong in many places.

Rob Fowler

04/06/2021, 8:46 AM

you can mod the prefect task (I have my own sorry, as my deploy key comes from vault)

Copy code

vault_client = load_vault.VaultReader(opts.stage, <http://opts.org|opts.org>, opts)
        keys = vault_client.read_secret_set('prefect/static_assets')

        key_file = tempfile.NamedTemporaryFile(mode='w')
        key_file.write(keys['jet-scripts.priv'])
        key_file.flush()
        os.chmod(key_file.name, 0o600)
        clone_dir = tempfile.TemporaryDirectory()
        self.tmp_dirs.append(clone_dir)  # Save in a list to keep the directory around for the life of the flow
        # Clone into temporary dir
        git_command = f"ssh -o StrictHostKeyChecking=no -i {key_file.name} "
        Repo.clone_from(self.repo, clone_dir.name, branch='master', depth=1,
                        env={'GIT_SSH_COMMAND': git_command})

        fnames = glob.glob(clone_dir.name + subdir + '/*')

Rob Fowler

04/06/2021, 8:48 AM

the documentation for pygit, not prefect.

Zach Hodowanec

04/07/2021, 8:57 PM

@Rob Fowler I'm not sure if I follow your example. Are you suggesting I change my prefect task or the prefect team update their GitHub storage task?

Rob Fowler

04/07/2021, 10:24 PM

You could ask the upstream team to make a change for deployment keys or copy the file and use it locally, which is pretty easy. Deploy keys are the goto for data storage on github for me.

Zach Hodowanec

04/08/2021, 2:26 PM

@Dylan @Kyle Moon-Wright do you have any thoughts on @Rob Fowler’s suggestion?

Dylan

04/08/2021, 2:28 PM

@Zach Hodowanec It certainly sounds like a straightforward workaround, depending on your setup

Zach Hodowanec

04/08/2021, 2:32 PM

I was more so referring to y'all making the change for the rest of the community to benefit from

Dylan

04/08/2021, 4:56 PM

Opening an issue now 😉

Dylan

04/08/2021, 4:59 PM

https://github.com/PrefectHQ/prefect/issues/4376

Zach Hodowanec

04/08/2021, 5:02 PM

Thanks Dylan!

👍 1

42 Views

Open in Slack

Previous Next