
Marc Lipoff

12/06/2022, 3:57 PM
I'm looking to try to use a 3rd party secret store (we use HashiCorp Vault, but AWS Secrets Manager, etc. would be similar). In our blocks, we want to store a pointer to the secret (path, location, etc.), but not the actual value. And then retrieve the value at runtime. Has this been done before?
This would accomplish 2 things: 1. Not store secrets outside our ecosystem, which we strongly prefer. 2. Make it easier to rotate secrets

Kalise Richmond

12/06/2022, 4:18 PM
Hi @Marc Lipoff, I haven't tried that before but I know the prefect-aws collection has a way to access AWS Secrets Manager at runtime. You can absolutely build your own custom block as well

Marc Lipoff

12/06/2022, 4:21 PM
Thanks. Ya custom block(s) was the way I was thinking. But I was hoping to avoid it -- esp for every type of block that uses a secret.

Kalise Richmond

12/06/2022, 4:53 PM
You could probably come up with one custom block that could handle the different situations you need and make that reusable. There is a collections template that you could use as well

Jeff Hale

12/06/2022, 6:16 PM
Check out the prefect-vault package, too.