https://dagster.io/ logo
#ask-community
Title
# ask-community
n

NateV

04/10/2023, 8:03 PM
This page recommends using
configured
to use env variables for storing secrets: https://docs.dagster.io/guides/dagster/using-environment-variables-and-secrets. But the documentation of
configured
says not to use it for secrets because it will show secrets: https://docs.dagster.io/_apidocs/config#dagster.configured. is this a conflict, or am I missing something?
d

daniel

04/10/2023, 9:11 PM
The API docs could definitely be more clearly written - what it's saying is that doing this:
.configured({"password": os.getenv("MY_PASSWORD_VALUE")}
could result in the value of MY_PASSWORD_VALUE being shown in the UI. The secrets docs are referring to indicating in a structured way that a field should be sourced from an env var like:
Copy code
github_api.configured(
            {"password": {"env": "MY_PASSWORD_VALUE"}}
        )
The "env" key tells Dagster in a structured way that the value should be sourced from an env var
This should get less confusing with some of the resource changes that we're introducing in 1.3: https://docs.dagster.io/guides/dagster/pythonic-resources#using-environment-variables-with-resources
n

NateV

04/11/2023, 1:08 AM
sorry, i'm still confused -so is it a recommended practice to put secrets in env vars, and connect to them with
configured
, or is that to be avoided? The Azure plugin, for example, has its examples using that pattern, but is it something to avoid? Or does it depend on use-cases, like if I've got authorized users of our dagster tenant who shouldn't have access to certain secrets?
d

daniel

04/11/2023, 1:09 AM
Putting secrets in env vars and connecting them with configured (using that “env”: “name of env var” pattern so that dagster knows that that’s what you’re doing) is a recommended practice.
👏 2
n

NateV

04/11/2023, 1:10 AM
cool, thank you for clarifying!
condagster 1
3 Views