Thread
#prefect-community
    x

    xyzz

    5 months ago
    If you set up a storage with cloud connected, where are the secrets stored (e.g. AWS secret access key)? on the local machine or on cloud?
    Anna Geller

    Anna Geller

    5 months ago
    Prefect is based on a hybrid execution model so that all your code, data, and secrets remain in your infrastructure and can be managed entirely by you. Prefect Cloud doesn't need to have access to any of that. Does it answer your question?
    Kevin Mullins

    Kevin Mullins

    5 months ago
    If you are using Prefect cloud you could do it either way. You could set them in the Prefect Cloud UI and they would be stored on Prefect’s end in their cloud. Or you could set them locally via a config file or environment variables. If you are setting them locally. They need to be available during flow execution. This would vary based on the run config. If you are using a LocalRun, it would need to be on the machine with the agent installed. If you are using DockerRun, it would need to be available in the docker container that runs, etc. https://docs.prefect.io/orchestration/concepts/secrets.html
    x

    xyzz

    5 months ago
    sorry forgot to mention my question is about orion
    what happens if you enter the aws secret key during storage creation with the cli and cloud connected to it?
    Kevin Mullins

    Kevin Mullins

    5 months ago
    Gotcha, I’ll have to defer to the other smart people as I haven’t used Orion enough to help here 🙂
    Kevin Kho

    Kevin Kho

    5 months ago
    It would need to be as env vars for now as Prefect 2.0 doesn’t have secrets yet so you just need your execution environment authentication to pull from S3 for example