Is there a recommended way to use secret in a <She...
# ask-the-community
p
Is there a recommended way to use secret in a ShellTask ?
k
Wdym? Tell us more. As expected they should be mounted or in env right
p
Integrating with secret with python task is easy since flytekit has an api for that
Copy code
secret = Secret(group="sample", key="my_secret")

@task(secret_requests=[secret])
def get_secret():
    secret_value = flytekit.current_context().secrets.get(secret.group, secret.key)
However, I am not sure how is the best way to retrieve the secret value within shell task since the env var depends on the secret group and key. So what I am currently doing is having a task that generate the env var and pass it to the shell task. e.g.
Copy code
secret = Secret(group="sample", key="my_secret")

shell_task_secret = ShellTask(
    name="shell-task",
    debug=True,
    secret_requests=[secret],
    inputs=kwtypes(secret_env_var=str),
    script="""
    #!/bin/bash
    
    echo ${inputs.secret_env_var} 
    """
)
    
@task
def get_secret_name() -> str:
    return flytekit.current_context().secrets.get_secrets_env_var(secret.group, secret.key)

@task(secret_requests=[secret])
def get_secret():
    secret_env = get_secret_name()
    shell_task_secret(secret_env_var=secret_env)
Is there better way?
Would be nice if I could bind the secret to an env var directly when creating the shell task.
Copy code
secret = Secret(group="sample", key="my_secret")

shell_task_secret = ShellTask(
    name="shell-task",
    debug=True,
    inputs=kwtypes(secret_env_var=str),
    secret_env={
        "MY_SECRET": secret
    },
    script="""
    #!/bin/bash
    
    echo $MY_SECRET
    """
)
158 Views