Hello again 🙂 I have all my secrets in AWS Secrets Manager and want to configure as little as possible Github Secrets. So I’ve configured my AWS Credentials in Github Secrets so I can use

secretsmanager_secrets_resource

to gather anything I need from AWS Secrets. The problem I have is that

'add_to_environment': True,

puts all the retrieved json payload from AWS into a single environment variable with my secret key as the Env name. Then When I want to use

snowflake_io_manager

I’m not able to reference the json fields in my StringSource parameters.

"io_manager_snowflake": snowflake_io_manager.configured({
                    'account': {'env': 'SNOWFLAKE_ACCOUNT'},
                    'user': {'env': 'SNOWFLAKE_USER'},
                    'password': {'env': 'SNOWFLAKE_PASSWORD'},
                    'database': {'env': 'SNOWFLAKE_DATABASE'},
                    'schema': {'env': 'SNOWFLAKE_SCHEMA'},
                    'warehouse': {'env': 'SNOWFLAKE_WAREHOUSE'}
                }),

Is there a way to do that?

Hey Jacob, you could replace

{'env': 'SNOWFLAKE_ACCOUNT'}

with arbitrary code to parse the environment, but I think you're going to hit another problem, which is that the secretsmanager resource and the snowflake io manager are initialized at the same time, so the environment variables you're looking for most likely won't be set The AWS secrets resource is designed for jobs that need those secrets when they are run, not other resources that need them when the repo is initialized We're working on a more native approach to solve this problem, but for now here is a working example that uses a helper function to load the secrets into the environment when the repository is being initialized https://github.com/slopp/cereals_awssecrets