Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

I'm looking to try to use a 3rd party secret store (we use Hashicorp Vault, but AWS Secrets Manager, etc would be similar). In our blocks, we want to store a pointer to the secret (path, location, etc), but not the actual value. And then retrieve the value at runtime. Has this been done before?

This would accomplish 2 things:
1. Not store secrets outside our ecosystem, which we stronger prefer. 
2. Make it easier to rotate secrets

Hi <@U01GBFZ4YSZ>, I haven't tried that before but I know the <https://prefecthq.github.io/prefect-aws/secrets_manager/#prefect_aws.secrets_manager.read_secret|prefect-aws >collection has a way to access AWS Secrets Manager at runtime. You can absolutely build your own <https://docs.prefect.io/concepts/blocks/#creating-new-block-types|custom block> as well

Thanks. Ya custom block(s) was the way I was thinking. But I was hoping to avoid it -- esp for every type of block that uses a secret.

You could probably come up with one custom block that could handle the different situations you need and make that reusable. There is a <https://github.com/PrefectHQ/prefect-collection-template|collections template> that you could use as well

Check out the prefect-vault package, too.