-
Notifications
You must be signed in to change notification settings - Fork 910
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow users to pass credentials through environment variables #1909
Comments
One question I have it, why Effectively, people can then just use the environment variable as a template variable and bypass the Would this still work with |
That's a great question @noklam and my preference would be to make the My opinion with regards to I will make sure to talk about this in the config workshop in a couple of weeks. |
@MerelTheisenQB That's a great idea to move to the config framework that supports env variables! In Having this solved out-of-the-box by |
It's great to hear you like this idea @szczeles 😄 I'll check out the custom config loader you made! Any other features you'd like to see with regards to configuration? |
@MerelTheisenQB Thanks for asking! I've added 2 more comments with challenges that we faced with the current configuration parsing logic during Kedro deployments: |
Left to do: add documentation to explain this functionality. |
Description
In the new config loader (#1868), allow users to pass credentials through environment variables using the
OmegaConf
resolveroc.env
: https://omegaconf.readthedocs.io/en/latest/custom_resolvers.html#oc-envContext
The "default" way for Kedro to deal with credentials is through the
credentials.yml
file. @AntonyMilneQB has explained very thoroughly how this works and why it's problematic here: #1646Over time many users have flagged that they want to be able to pass credentials through environment variables. Currently, this is possible if users use the
TemplatedConfigLoader
, but ideally this functionality would be available by default.Insight 11 of the configuration research also showed that users are currently storing credentials in environment variables: #1847
Implementation
The new configloader will use
OmegaConf
instead ofanyconf
Add a new configloader withOmegaConf
as replacement foranyconf
#1868The built-in resolvers will be turned off
In this task add logic to load credentials using
OmegaConf
with the oc.env resolver turned on. This might mean separating the credentials loading logic so that the resolver for that loading process hasn't been turned off. If this is impossible or really difficult, we'll allow env variables for all config, but that should be discussed.Document how should users pass credentials - as current way to do it is via `TemplatedConfigLoader
The text was updated successfully, but these errors were encountered: