Channels
#prefect-community
Title
# prefect-community
s
Stéphan Taljaard
05/26/2022, 10:45 AMHi. How do you save (and read) dollar signs in a secret?
I'm on Prefect Server, implemented in GCP. The secret comes from Google Secret Manager. I have a custom secret function that, in development, pulls the secret from my PC's environment variables. I develop on Windows.
I now have a DB with a password containing dollar signs. Because of this line, I can't read the password out correctly.
Thoughts?
Example:
Copy code
import os
from prefect.client import Secret
secret_name = 'JSON_SECRET'
# os.environ[
# f"PREFECT__CONTEXT__SECRETS__{secret_name}"
# ] = '{"db1": {"password": "password", "user": "userA"}, "db2": {"password": "P@$$w0rd", "user": "userB"}}'
secret_value = Secret(secret_name).get()
print(secret_value['db2']['password'])
# This prints 'P@$w0rd', not 'P@$$w0rd'I have another function that then takes the username and password and creates a SQLAlchemy connection string:
Copy code
def create_conn_str(
username: str, password: str, host: str, database: str, port=None, dialect="mssql", driver="pymssql"
) -> str:
"""Create a SQLAlchemy database URL connection string"""
username_ = quote_plus(username)
password_ = quote_plus(password)
port_ = f":{port}" if port else ""
return f"{dialect}+{driver}://{username_}:{password_}@{host}{port_}/{database}"'P%40%24%24w0rd'create_conn_strk
Kevin Kho
05/26/2022, 2:19 PM
Yikes that does seem like a pain. First time I’ve bumped into it. I think your suggestion with already saving it as URL encoded is the best I can think of for now.
s
Stéphan Taljaard
05/26/2022, 2:29 PMYeah same. Feels almost strange that this only came out now.
It was actually someone else in my team discovering it. He first thought he's saving it wrong inside Windows env vars.
Debugged for him and voila.
k
Kevin Kho
05/26/2022, 2:31 PM
I don’t know though if we can have both dollar signs and the interpolation though. Feel free to open an issue.
✅ 1