19913d85-f662-4518-a9a1-7adc1793dfd4.png){kind=small}
Hello. I'm hoping to use dagster-postgres for pers...
# ask-communityj
Jordan Lewis
07/10/2023, 11:24 PMHello. I'm hoping to use dagster-postgres for persistence, but I would like to keep the password out of dagster.yml. Is there a way to inject it at runtime?
c
chris
07/10/2023, 11:31 PMyou can use env vars which are filled by whichever secrets manager you happen to be using
j
Jordan Lewis
07/10/2023, 11:32 PMIs there another option? This requires additional setup on each host.
c
chris
07/10/2023, 11:37 PMnot really another option that I can think of, although I think secrets setup shouldn’t be too bad, depending on what system you’re using? Do you have an anolog in another system of something you’d be expecting?
j
Jordan Lewis
07/10/2023, 11:39 PMWe have a uniform setup on each host that connects to a secrets manager. The code pulls down whatever secrets it needs this way, but only at runtime. This way the host is always the same save for the deployed code, and the secrets never end up in source control.
Jordan Lewis
07/10/2023, 11:44 PMAdding env vars creates extra nuance on the prod hosts, and extra setup every time a dev wants to use it.
a
Adam Bloom
07/10/2023, 11:55 PMWhy not encapsulate that in a wrapper script?
j
Jordan Lewis
07/11/2023, 1:12 AMThat's not very tidy.