Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Hi everyone! I'm trying to configure Fargate Agent and cannot find how to pass credentials to private docker registry :confused: Any hints? Thanks

To be precise, boto3 expects secret managers ARN in `containerDefinitions['repositoryCredentials']['credentialsParameter']` location, which I cannot find how to pass to the agent either via environment variables or via CLI arguments

Hi <@U016240FA7K>! Full disclosure that I'm not an avid consumer of Fargate, but I _think_ this will do the trick for you:

AWS suggests passing credentials for private repos like so:

```"containerDefinitions": [
    {
        "image": "private-repo/private-image",
        "repositoryCredentials": {
            "credentialsParameter": "arn:aws:secretsmanager:region:aws_account_id:secret:secret_name"
        }
    }
]```
I think what you'll want to do is define those `repositoryCredentials` as part of your FargateTaskEnvironment's `containerDefinitions` field, using the link below as an example. Does that sound like it might work for you?

<https://docs.prefect.io/orchestration/execution/fargate_task_environment.html#fargate-task-environment-w-resources>

<@UN79DLD40> didn't try the programmatic approach yet. I tried to pass this configuration from environment directly to agent (in docker compose). Here's an example:
```my-agent:```

```  my-agent:
    image: prefecthq/prefect:${PREFECT_VERSION}
    depends_on:
      - apollo
    environment:
      - PREFECT__BACKEND=server
      - PREFECT__SERVER__HOST=<http://x.x.x.x>
      - PREFECT__LOGGING__LEVEL=DEBUG
      - PREFECT__FLOWS__CHECKPOINTING=true
      - AWS_ACCESS_KEY_ID=...
      - AWS_SECRET_ACCESS_KEY=...
      - REGION_NAME=eu-central-1
      - containerDefinitions_logConfiguration={"logDriver":"awslogs","options":{"awslogs-group":"npn/prefect","awslogs-region":"eu-central-1","awslogs-stream-prefix":"flow-runs"}}
    restart: always
    command: &gt;
      prefect agent start fargate
        --name my-test-agent
        --show-flow-logs
        -l fargate
        -v
        cpu=256
        memory=512
       executionRoleArn=arn:aws:iam::********:role/ecsTaskExecutionRole
        cluster=npn-ecs1
        networkConfiguration="{'awsvpcConfiguration': {'assignPublicIp': 'DISABLED', 'subnets': ['subnet-*******'], 'securityGroups': ['sg-*******']}}"```

Looks like Josh has picked this up on the Github side, but let us know if you have any other questions!

<@UN79DLD40> yep! that has worked out! thanks