Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Dear Prefect Community :wave:  I’d like to make a <https://kubernetes.io/docs/concepts/configuration/secret/|Kubernetes secret> (containing GCP credentials) available in the worker pods created by the Kubernetes agent. Is this possible?

Hey <@U012JUD3PJ7>! Let me ask the team about best practices here.

Gained some insight: A potential solution could be to utilize a <https://docs.prefect.io/api/latest/environments/execution.html#kubernetesjobenvironment|KubernetesJobEnvironment> and define the job spec that uses the secret from the get-go. More information about implementing this environment and what the yaml may look like can be found in the <https://docs.prefect.io/orchestration/execution/k8s_job_environment.html#process|documentation>.

<@U012JUD3PJ7> - if you are using Dask you need to create the k8s secret in the same namespace as the worker, and pass the credentials as environment variables in the worker_spec.yaml -
something like this under spec.containers[]
```    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret```

(I had done something similar to authenticate with AWS  - I presume GCP should be similar)

<@U0141PE1A84>, <@UUDFU628J> thank you so much for your help! The <https://docs.prefect.io/api/latest/environments/execution.html#kubernetesjobenvironment|KubernetesJobEnvironment> is indeed what I was looking for. Seems nothing is impossible with Prefect :slightly_smiling_face: