Store secret strings
You can use the Secret block to store secret strings.
from prefect.blocks.system import Secret
secret = Secret(value="Marvin's surprise birthday party is on the 15th")
secret.save("surprise-party")
You can access the secret value in your workflow by loading a Secret block with the same name.
from prefect import flow
from prefect.blocks.system import Secret
@flow
def my_flow():
secret = Secret.load("surprise-party")
print(secret.get())
Secret values are encrypted at rest when stored in your Prefect backend.
To update a secret, save the new value with the overwrite parameter set to True.
from prefect.blocks.system import Secret
secret = Secret(value="Marvin's surprise birthday party is actually on the 16th")
secret.save("surprise-party", overwrite=True)
Secret blocks can also be created and updated through the Prefect UI.
Store common configuration securely
Prefect offers a set of blocks for storing common configuration.
Many of these blocks are included as part of Prefect’s integration libraries.
For example, use the AwsCredentials block to store AWS keys to connect to AWS services in your workflows.
You can install prefect-aws by running pip install prefect-aws.
from prefect_aws import AwsCredentials
aws_credentials = AwsCredentials(
aws_access_key_id="my-access-key-id",
aws_secret_access_key="nice-try-you-are-not-getting-my-key-friend")
aws_credentials.save("aws-credentials")
You can load the block to use the credentials in your workflow.
from prefect_aws import AwsCredentials
import boto3
# Load AWS credentials from Prefect
creds = AwsCredentials.load("aws-credentials")
# Create boto3 session using the credentials
session = boto3.Session(
aws_access_key_id=creds.aws_access_key_id,
aws_secret_access_key=creds.aws_secret_access_key
)
# Create S3 client
s3_client = session.client('s3')
# List all buckets
response = s3_client.list_buckets()
for bucket in response['Buckets']:
print(f"Bucket name: {bucket['Name']}")
