# ask-community

Jordan Lewis

07/10/2023, 11:24 PM
Hello. I'm hoping to use dagster-postgres for persistence, but I would like to keep the password out of dagster.yml. Is there a way to inject it at runtime?

chris

07/10/2023, 11:31 PM
you can use env vars which are filled by whichever secrets manager you happen to be using

Jordan Lewis

07/10/2023, 11:32 PM
Is there another option? This requires additional setup on each host.

chris

07/10/2023, 11:37 PM
not really another option that I can think of, although I think secrets setup shouldn’t be too bad, depending on what system you’re using? Do you have an analog in another system of something you’d be expecting?

Jordan Lewis

07/10/2023, 11:39 PM
We have a uniform setup on each host that connects to a secrets manager. The code pulls down whatever secrets it needs this way, but only at runtime. This way the host is always the same save for the deployed code, and the secrets never end up in source control.
Adding env vars creates extra nuance on the prod hosts, and extra setup every time a dev wants to use it.

Adam Bloom

07/10/2023, 11:55 PM
Why not encapsulate that in a wrapper script?

Jordan Lewis

07/11/2023, 1:12 AM
That's not very tidy.