I'm looking to try to use a 3rd-party secret store (we use HashiCorp Vault, but AWS Secrets Manager, etc. would be similar). In our blocks, we want to store a pointer to the secret (path, location, etc.), but not the actual value, and then retrieve the value at runtime. Has this been done before?
Marc Lipoff
12/06/2022, 4:01 PM
This would accomplish 2 things:
1. Not store secrets outside our ecosystem, which we strongly prefer.
2. Make it easier to rotate secrets
Kalise Richmond
12/06/2022, 4:18 PM
Hi @Marc Lipoff, I haven't tried that before, but I know the prefect-aws collection has a way to access AWS Secrets Manager at runtime. You can absolutely build your own custom block as well.
Marc Lipoff
12/06/2022, 4:21 PM
Thanks. Ya custom block(s) was the way I was thinking. But I was hoping to avoid it -- esp for every type of block that uses a secret.
Kalise Richmond
12/06/2022, 4:53 PM
You could probably come up with one custom block that could handle the different situations you need and make that reusable. There is a collections template that you could use as well.