
emre

10/03/2019, 10:53 AM
Hey all, I have been using local secrets in my production flows for a while. I want to use some other key-value store for my secrets, as it is the secure and intended way. I haven’t found much in the docs. How would I tell Prefect Core where and how it should access this new `Secrets` store, say AWS Secrets Manager?

josh

10/03/2019, 12:16 PM
There has been an issue proposed for a more adaptable Secrets API https://github.com/PrefectHQ/prefect/issues/1346 which I don’t think would be difficult to implement. The Prefect secret manager definitely isn’t intended to be the only option. cc @Chris White we should consider this again
👍 1

emre

10/03/2019, 12:43 PM
Subclassing `Secret` indeed seems like the most flexible solution. It could even work right now, without adding anything other than the subclass. I’d rather wait for official support though. Can you estimate a rough ETA, pretty please?

josh

10/03/2019, 12:48 PM
I believe the next release of Prefect is being cut today, so it could probably be fit into the release after, which would come in a couple of weeks. In the meantime your best bet would be to call your AWS secret store in its own function with whichever implementation you would use in the overridden Secret class to retrieve the secrets.

rich

10/03/2019, 1:04 PM
why not just call boto directly?

emre

10/03/2019, 1:20 PM
Main concern is abstraction. Using the Secret API, I can switch easily between local secrets for development and remote secrets for production. Would also make a possible transition to Prefect Cloud easier.