Is there a recommended way to use secret in a <https docs fl Flyte #flyte-support

Join Slack

Is there a recommended way to use secret in a <She...

# flyte-support

most-gold-65483

05/30/2023, 11:04 AM

Is there a recommended way to use secret in a ShellTask ?

freezing-airport-6809

05/30/2023, 3:00 PM

Wdym? Tell us more. As expected they should be mounted or in env right

most-gold-65483

05/30/2023, 3:09 PM

Integrating with secret with python task is easy since flytekit has an api for that

Copy code

secret = Secret(group="sample", key="my_secret")

@task(secret_requests=[secret])
def get_secret():
    secret_value = flytekit.current_context().secrets.get(secret.group, secret.key)

However, I am not sure how is the best way to retrieve the secret value within shell task since the env var depends on the secret group and key. So what I am currently doing is having a task that generate the env var and pass it to the shell task. e.g.

Copy code

secret = Secret(group="sample", key="my_secret")

shell_task_secret = ShellTask(
    name="shell-task",
    debug=True,
    secret_requests=[secret],
    inputs=kwtypes(secret_env_var=str),
    script="""
    #!/bin/bash
    
    echo ${inputs.secret_env_var} 
    """
)
    
@task
def get_secret_name() -> str:
    return flytekit.current_context().secrets.get_secrets_env_var(secret.group, secret.key)

@task(secret_requests=[secret])
def get_secret():
    secret_env = get_secret_name()
    shell_task_secret(secret_env_var=secret_env)

Is there better way?

most-gold-65483

05/30/2023, 3:15 PM

Would be nice if I could bind the secret to an env var directly when creating the shell task.

Copy code

secret = Secret(group="sample", key="my_secret")

shell_task_secret = ShellTask(
    name="shell-task",
    debug=True,
    inputs=kwtypes(secret_env_var=str),
    secret_env={
        "MY_SECRET": secret
    },
    script="""
    #!/bin/bash
    
    echo $MY_SECRET
    """
)

171 Views

Open in Slack

Previous Next