Channels
announcements
ask-marvin
best-practices-coordination-plane
data-ecosystem
data-tricks-and-tips
events
find-a-prefect-job
geo-bay-area
geo-berlin
geo-boston
geo-chicago
geo-colorado
geo-dc
geo-israel
geo-japan
geo-london
geo-nyc
geo-seattle
geo-texas
gratitude
introductions
marvin-in-the-wild
pacc-clearcover-june-12-2023
pacc-may-31-2023
ppcc-may-16-2023
prefect-ai
prefect-aws
prefect-azure
prefect-cloud
prefect-community
prefect-contributors
prefect-dbt
prefect-docker
prefect-gcp
prefect-getting-started
prefect-integrations
prefect-kubernetes
prefect-recipes
prefect-server
prefect-ui
random
show-us-what-you-got
Title
m
Marc Lipoff
12/06/2022, 3:57 PMI'm looking to try to use a 3rd party secret store (we use Hashicorp Vault, but AWS Secrets Manager, etc would be similar). In our blocks, we want to store a pointer to the secret (path, location, etc), but not the actual value. And then retrieve the value at runtime. Has this been done before?
✅ 1
This would accomplish 2 things:
1. Not store secrets outside our ecosystem, which we stronger prefer.
2. Make it easier to rotate secrets
k
Kalise Richmond
12/06/2022, 4:18 PMHi @Marc Lipoff, I haven't tried that before but I know the prefect-aws collection has a way to access AWS Secrets Manager at runtime. You can absolutely build your own custom block as well
m
Marc Lipoff
12/06/2022, 4:21 PMThanks. Ya custom block(s) was the way I was thinking. But I was hoping to avoid it -- esp for every type of block that uses a secret.
k
Kalise Richmond
12/06/2022, 4:53 PMYou could probably come up with one custom block that could handle the different situations you need and make that reusable. There is a collections template that you could use as well
👀 1
j
Jeff Hale
12/06/2022, 6:16 PMCheck out the prefect-vault package, too.