I'm looking to try to use a 3rd party secret store...
# ask-community
m
I'm looking to try to use a 3rd party secret store (we use HashiCorp Vault, but AWS Secrets Manager, etc. would be similar). In our blocks, we want to store a pointer to the secret (path, location, etc.), but not the actual value. And then retrieve the value at runtime. Has this been done before?
This would accomplish 2 things: 1. Not store secrets outside our ecosystem, which we strongly prefer. 2. Make it easier to rotate secrets.
k
Hi @Marc Lipoff, I haven't tried that before, but I know the prefect-aws collection has a way to access AWS Secrets Manager at runtime. You can absolutely build your own custom block as well.
m
Thanks. Ya custom block(s) was the way I was thinking. But I was hoping to avoid it -- esp for every type of block that uses a secret.
k
You could probably come up with one custom block that could handle the different situations you need and make that reusable. There is a collections template that you could use as well.
j
Check out the prefect-vault package, too.