# ask-marvin
o
Hi @Marvin, I have a deployment on a docker type worker-pool. I use a docker-registry-credentials block for the work_pool registry credentials. The credentials password is exposed in the UI of the deployment configuration. How can we make a secret field?
m
To securely handle credentials in your Prefect deployment, you can use block and variable references that remain unresolved until runtime. This ensures sensitive information like passwords isn't stored insecurely in the deployment configuration. Instead, the credentials are pulled dynamically each time the deployment runs. Here's a general approach you can consider:

1. Use Block References: Ensure that your `docker-registry-credentials` block is set up properly. This block can store credentials securely and reference them in your deployment.
2. Configure Prefect YAML: In your `prefect.yaml`, use block references to access these credentials. This way, the sensitive data is not exposed in the UI or stored in plaintext.
3. Runtime Resolution: When you run your deployment, Prefect will resolve these references at runtime, keeping your credentials secure.

For more details, you can refer to the Prefect documentation on infrastructure concepts and YAML configuration. If you have specific questions about setting up these blocks or need further assistance, feel free to ask!
o
```yaml
work_pool:
  name: flash-agent
  work_queue_name: null
  job_variables:
    image: '{{ build_image.image }}'
    auto_remove: true
    image_pull_policy: Always
    registry_credentials: '{{ prefect.blocks.docker-registry-credentials.myregistry }}'
```

The following deployment configuration exposes the value of the registry after they are deployed. The password is exposed in the deployment configuration of the Prefect server UI.