Channels
announcements
ask-marvin
best-practices-coordination-plane
data-ecosystem
data-tricks-and-tips
events
find-a-prefect-job
geo-bay-area
geo-berlin
geo-boston
geo-chicago
geo-colorado
geo-dc
geo-israel
geo-japan
geo-london
geo-nyc
geo-seattle
geo-texas
gratitude
introductions
marvin-in-the-wild
pacc-clearcover-june-12-2023
pacc-may-31-2023
ppcc-may-16-2023
prefect-ai
prefect-aws
prefect-azure
prefect-cloud
prefect-community
prefect-contributors
prefect-dbt
prefect-docker
prefect-gcp
prefect-getting-started
prefect-integrations
prefect-kubernetes
prefect-recipes
prefect-server
prefect-ui
random
show-us-what-you-got
Title
r
Ryan Abernathey
09/09/2019, 7:42 PMI’m trying to figure out how to set GOOGLE_APPLICATIONS_CREDENTIALS via the Secrets API. I read the docs (https://docs.prefect.io/cloud/cloud_concepts/secrets.html#setting-a-secret), but only found examples of “simple” secrets (i.e. KEY = VALUE). The Google Cloud service account credentials are a .json file with many fields. How should I set the secret in this case?
c
Chris White
09/09/2019, 7:57 PMYea, I’d ignore the cloud concept docs for now (those are unique to our platform); these docs might be more informative for you: https://docs.prefect.io/api/unreleased/client/secrets.html
TLDR; you can set secrets via env var or in
~/.prefect/config.tomlGOOGLE_APPLICATIONS_CREDENTIALSjson.dumps(credentials)👍 1
r
Ryan Abernathey
09/09/2019, 8:19 PMI added my secrets to
~/.prefect/config.tomlfrom prefect.client import Secret
Secret("GOOGLE_APPLICATION_CREDENTIALS").get()ValueError: Local Secret "GOOGLE_APPLICATION_CREDENTIALS" was not found.(I put it in the
[context.secrets]c
Chris White
09/09/2019, 8:20 PMdid you start a new python session after you put that into config?
r
Ryan Abernathey
09/09/2019, 8:21 PMno ok that may be it
ok that worked thanks!
c
Chris White
09/09/2019, 8:21 PMawesome, np!
r
Ryan Abernathey
09/09/2019, 8:21 PMso will that secret be sent to dask workers even if they don’t have the same config file?
c
Chris White
09/09/2019, 8:22 PMyup actually; the secret ends up in
contextr
Ryan Abernathey
09/09/2019, 8:22 PMgotcha
damn now I am getting the
Could not deserialize key datac
Chris White
09/09/2019, 8:25 PMyea, this is an annoying consequence of toml + json I believe; on our Cloud Platform we use Vault for storing / retrieving secrets which avoids this sort of parsing issue, and we’ve got an open issue for making local secrets more pluggable so users can avoid this if they have an alternative storage mechanism: https://github.com/PrefectHQ/prefect/issues/1346
r
Ryan Abernathey
09/09/2019, 8:26 PMwhat I would really like to do is just set the secret interactively in my script:
with open('pangeo-181919-0c1f01383379.json') as fp:
token = json.load(fp)
prefect.context.secrets['GOOGLE_APPLICATION_CREDENTIALS'] = tokenis that legit?
c
Chris White
09/09/2019, 8:27 PMah yea - you should be able to do that!
yup
totally
r
Ryan Abernathey
09/09/2019, 8:27 PMAttributeError: 'Context' object has no attribute 'secrets'(It works if I alread have the
config.tomlc
Chris White
09/09/2019, 8:28 PMooo interesting, yea the key doesn’t populate without the config - that’s a bug! I’ll fix it ASAP. In the meantime, you can treat
contextprefect.context['secrets']['GOOGLE_APPLICATION_CREDENTIALS'] = tokenr
Ryan Abernathey
09/09/2019, 8:30 PMnope 🤨
KeyError: 'secrets'c
Chris White
09/09/2019, 8:33 PMoh dang wrote that too quickly:
prefect.context.setdefault('secrets', {})['GOOGLE_APPLICATION_CREDENTIALS'] = token👍 1
r
Ryan Abernathey
09/09/2019, 8:35 PMok that works and I like it. My recommendation would be:
- Expose
prefect.context.secrets['KEY'] = 'VALUE'c
Chris White
09/09/2019, 8:36 PMyea that’s a good call out; will do!
r
Ryan Abernathey
09/09/2019, 8:37 PM(Btw, hope you don’t mind me just dropping such suggestions; I got the impression you were actively looking for user feedback.)
c
Chris White
09/09/2019, 8:38 PMno worries, I don’t mind at all, I’m definitely interested in user feedback
and I’d love to engage more with the pangeo folks like yourself, so 💯
a
Abraão Zaidan
11/08/2019, 8:16 PM# Authentication for Prefect Google Cloud Tasks
# <https://docs.prefect.io/api/unreleased/tasks/google.html>
json_file = open(os.environ['GOOGLE_APPLICATION_CREDENTIALS'], 'r')
context.setdefault('secrets', {})
context.secrets['GOOGLE_APPLICATION_CREDENTIALS'] = json_file.read()
json_file.close()