Soonho Kwon
06/15/2023, 4:09 AM
dagster key and set them as environment variables.” Two questions:
• To confirm, this is referring to a tag with key = “dagster”, right? If so, can the value of that tag (whose key is dagster) be anything?
• At what point does the secret actually get stored as an environment variable? I know we need to give the task IAM role the relevant secrets access, but I’d love to learn when & how the secret actually gets carried over into the relevant container(s).
daniel
06/15/2023, 1:55 PM
{
  "containerDefinitions": [
    {
      "secrets": [
        {
          "name": "environment_variable_name",
          "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:secret_name-AbCdEf"
        }
      ]
    }
  ]
}
Soonho Kwon
06/15/2023, 3:09 PM
Soonho Kwon
06/15/2023, 4:54 PM
environment_variable_name? is that the name of the secret itself (in which case is it assuming plain-text secrets vs. key/val?), or the key in the secret key/val pair?
• If the latter:
◦ if a secret has multiple key/val pairs will Dagster pull in all of them?
◦ how would Dagster handle it if two different secrets have the same key but different values?
daniel
06/15/2023, 6:27 PM
Soonho Kwon
06/15/2023, 7:01 PM
dagster. that helps!
For context, I have a secret with that tag, but none of my containers are picking it up - even after restarting the ECS service. are there any common errors that you’ve seen for configuring secrets?
daniel
06/15/2023, 7:02 PM
daniel
06/15/2023, 7:03 PM
daniel
06/15/2023, 7:03 PM
Soonho Kwon
06/15/2023, 7:04 PM
environment block?
daniel
06/15/2023, 7:04 PM
{
  "containerDefinitions": [
    {
      "secrets": [
        {
          "name": "environment_variable_name",
          "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:secret_name-AbCdEf"
        }
      ]
    }
  ]
}
daniel
06/15/2023, 7:04 PM
daniel
06/15/2023, 7:11 PM
dagster, it uses the name of the secret as the environment variable name, and expects the secret to have a single value
Soonho Kwon
06/15/2023, 7:12 PM
Soonho Kwon
06/15/2023, 7:14 PM
daniel
06/15/2023, 7:15 PM
Soonho Kwon
06/15/2023, 8:30 PM
daniel
06/15/2023, 9:01 PM
Soonho Kwon
06/15/2023, 11:27 PM
["dagster","api","execute_run",...]) under run_launcher_data, but it doesn’t flow through as an environment variable. Does that mean Dagster knows what to pull but can’t because of IAM issues?
daniel
06/16/2023, 1:58 PM
secrets instead of secrets_tag and see if that is working and verify that it is looking for secrets in the right place, then try the tags thing
Soonho Kwon
06/16/2023, 7:43 PM