Hello All, Have Prefect Orion deployed (version 2...
# ask-community
m
Hello All, Have Prefect Orion deployed (version 2.6.4-python3.10). When looking at the Settings section, I noticed the PREFECT_ORION_DATABASE_CONNECTION_URL was not obfuscated. Is there any way to obfuscate that? Or another way to handle the admin/password other than passing it in via the connection string for Helm?
1
z
We template the setting
PREFECT_ORION_DATABASE_PASSWORD
into the connection URL
So you can use `${PREFECT_ORION_DATABASE_PASSWORD} `in the connection URL and set the password separately and it’ll be obfuscated
🙌 1
m
Thanks Zanie. I’ll give that a try.
Do I set the password in the password setting within the values.yaml file (after specifying ${PREFECT_ORION_DATABASE_PASSWORD}) Would that be enough to have Prefect aware of where to replace it?
Reading the comments in values.yaml file, I don’t know how I would set the password to pass to the connection string (as it’s using an existing secret (connection string). The password in the values.yaml file seems t o be fore creating a custom user.
z
Ah I see you’re using the Helm chart
You’d need to set the database password setting in the server environment variables, I think. I’m not sure if the Helm chart supports this yet. cc @Jamie Zieziula
j
Hi Mark - you will need to set the password here
Alternatively, you can create your own secret, and pass it here
m
@Jamie Zieziula I have a secret created and passed to the existingsecrets. The secret has the password inside the connection string - My issue with going that route is that the connection string is not obfuscated and the password is exposed when accessing the settings in the Prefect Orion UI.
Double checking - Since I have no need to create the user and intend to authenticate through the connection string, I’m assuming I don’t need to specify the password value in the helm chart since that’s for creating a new user?
@Jamie Zieziula - Bump for clarifying my question. If unclear, please let me know! 🙂 Essentially, I have an AKS secret that’s my connection string (with admin user:password) that’s passed to the Helm Chart to connect Prefect to my external Postgres. When going to the Prefect Orion UI - The connection string (and the password) is exposed on the Settings section of the Prefect Orion UI. What approach can I do via Helm to obfuscate the password on the UI side?
Following up on this: I’ve tried passing in the PREFECT_ORION_DATABASE_PASSWORD as an environment variable directly defined in the Helm Chart and using ${PREFECT_ORION_DATABASE_PASSWORD} inside our connection string to pass the password into the connection string. The connection string is not obfuscated and still displays the credentials in the connection URL - expected as much since it’s just displaying the connection string that it used to connect with.
z
These are both obfuscated in my UI
What version are you using..?
m
version 2.6.4-python3.10)
Please use a more recent version
m
Alright, We’ll migrate to a later version and get back to you on it.
Updated to 2.8.3 - obfuscation is working as expected.
z
Wonderful!