Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Allow defining credentials from variable environment
See original GitHub issueDescription
It is not clear how one can best deploy Kedro with credentials for production. A good practice in traditional applications is to put sensitive credentials using environment variables.
In Kedro, it looks like it relies only on credentials.yml, located somewhere except in conf/local/ folder.
(PS: If I’m missing something with this, the problem is probably bad or missing documentation since I’m not able to find this information in the doc)
Context
Using environment variables will help standardize the deployment of Kedro like any app, thus reduces learning curve for developers.
Possible Implementation
Possible change could be to look for environment variables first, before looking for the content of credentials.yml. Changes will mainly be located in ConfigLoader class.
Possible Alternatives
I create credentials.yml file in config/base/ folder, because this folder ignored by Git, but is still packaged in the Kedro Docker. This is still not good because the credentials are now located in the Docker images repository: Anyone can pull that image and get prod credentials!
If this is an interesting implementation (which I think it is), I would be happy to contribute by implementing it. I first want to open the discussion about the best implementation given Kedro orientation, before making any pull request.
Regards,
Issue Analytics
- State:
- Created 4 years ago
- Reactions:2
- Comments:6 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@htaidirt, thank you for your contribution. Please find some comments below.
Currently Kedro supports deploying credentials for production via configuration environments. Default project template contains 2 of them -
conf/baseis intended for storage of non-sensitive shareable configuration, andconf/local, where you can put sensitive credentials.conf/localis in.gitignoreby default. Please find more information on how kedro configuration module works in this section of documentation.conf/baseis indeed copied into Docker image, however, as documentation suggests, it is not intended to store any credentials. You should rather store your credentials inconf/local/credentials.yml, which is in.dockerignoreby default.Currently you can manually construct/enrich your credentials dictionary in src/<package_name>/run.py with any data, including one coming from the environment variables.
In long term we consider adding templating capability for kedro configs, which may, possibly, handle environment variables, however exact specification hasn’t been finalised yet.
I posted my solution in How do I fill the credentials from environment variables #403
Thanks for the help