is there any easy way to make an asset(or selectio...
# ask-community
is there any easy way to make an asset(or selection) depend on a resource-key? the use-case is to make
depend on aws secretsmanager's secrets being exposed on environment variables (which are used on dbt profiles)
Hi @Rene Silva are you trying to ensure that the assets loaded from dbt don’t appear (or aren’t loaded) if the aws secrets aren’t available in the the environment?
Hi! no, I'm trying to get the database credentials used by dbt from secretsmanater
ohh i see. i’m not super familiar with that, but i feel like something like this could work
Copy code
def verify_credentials():
   # code to check that aws credentials are valid and return True or False

all_assets = []
if verify_credentials():

#add other assets to all_assets

defs = Definitions(assets=all_assets, ...)
• load_assets_from_dbt project depends on environment variables being set • secretsmanager resource can expose its secrets as environment variables, however ◦ any op/asset that needs it must set required_resource_keys={'secret'} so I can't access secretsmanager's secrets by default, so that is why I wanted to know is there was any easy way to make an asset(or selection) depend on a resource-key
ah ok @owen could you take a look at this?
hi! the resource system is something that's generally relevant only when the actual computation is running (i.e. when you try to materialize one of the assets/models in your dbt project). So adding it as a required resource key would not have any impact on the functionality of
when it's called initially, it'd only impact things around the time that the actual
dbt run
command would be invoked. is a correct summary of your issue just that you'd like secrets from secretsmanager to be available as environment variables which are read when compiling/running the dbt project? If so, I don't think this is currently possible purely by making changes to your python code, as the environment variables set in the host process (the dagster process) are not going to be available to the dbt process that's kicked off when we're compiling/running dbt code (as we don't pass the current environment into that subprocess) what executor/run launcher are you currently using? I think that would be a good place to start in terms of setting up the environment to have your secrets loaded
thanks for the reply!
I'm running hybrid deployment, with a docker agent on an ec2
I wanted to use secretsmanager in dagster itself so I didn't need to operate the instance itself whenever I need to rotate secrets
but I I'll use dagster cloud environment variables instead