Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[flytekit] Polish - Secrets #6141

Open
2 tasks done
wild-endeavor opened this issue Jan 5, 2025 · 9 comments
Open
2 tasks done

[flytekit] Polish - Secrets #6141

wild-endeavor opened this issue Jan 5, 2025 · 9 comments
Assignees
Labels
backlogged For internal use. Reserved for contributor team workflow.

Comments

@wild-endeavor
Copy link
Contributor

wild-endeavor commented Jan 5, 2025

Secrets

This is a series of tickets to improve the flytekit authoring experience. If any changes are not possible to make in a backwards-compatible way, split it out into a separate ticket.

Rename argument

Rename secret_requests argument to secrets for task / eager / dynamic. The fact that it is a request is implied. However, probably add a user-facing note somewhere to make sure they don't accidentally put the actual secret in there.

Union support

Support a single Secret without having to wrap it in a list (i.e. secrets: list[Secret]|Secret|None).

Improve accessing

The current method to retrieve secrets (flytekit.current_context().secrets.get(key="WANDB_API_KEY")) is too verbose. Let's make it something like flytekit.access(key="WANDB_API_KEY").

Are you sure this issue hasn't been raised already?

  • Yes

Have you read the Code of Conduct?

  • Yes
@wild-endeavor wild-endeavor added documentation Improvements or additions to documentation untriaged This issues has not yet been looked at by the Maintainers labels Jan 5, 2025
@wild-endeavor wild-endeavor added backlogged For internal use. Reserved for contributor team workflow. and removed documentation Improvements or additions to documentation labels Jan 5, 2025
@thomasjpfan
Copy link
Member

I agree with renaming secret_requests to secrets and union.

For accessing, I like having secrets in the name somewhere: flytekit.secrets(key="WANDB_API_KEY").

@wild-endeavor
Copy link
Contributor Author

wild-endeavor commented Jan 9, 2025

@cosmicBboy

+1 to flytekit.get_secret("MY_SECRET").

just like this or with the key as @thomasjpfan suggested? If just like this, how do we deal with group? or limit only to secrets with no group?

+1 to remove group and key and just have a single string key (like with union sdk)

this would be backwards incompatible though - is that okay?

@cosmicBboy
Copy link
Contributor

We should also have an explicit environment var name in the secret definition: Secret(..., env_name="MY_ENV_VAR")

@thomasjpfan
Copy link
Member

I would continue to have group and key for flytekit. If we want the simple flytekit.get_secret("MY_SECRET") then change the order of key and group:

def get_secret(key: str, group: Optional[str] = None):
    ...

@granthamtaylor
Copy link

granthamtaylor commented Jan 10, 2025

I would like to also change the order of key and group in flytekit.Secret as well. When one does not use a group, they need to specify the keyword key when defining a Secret instance (flytekit.Secret(key="MY_SECRET")).

This is potentially a breaking change though, but having get_secret have one order (key, group) and Secret having a different order (group, key) feels like a really bad idea.

@thomasjpfan
Copy link
Member

get_secret is a new function, so it is not a breaking change. The issue is that it'll be confusing to have different orders between get_secret and Secret.

@eapolinario eapolinario removed the untriaged This issues has not yet been looked at by the Maintainers label Jan 16, 2025
@wild-endeavor wild-endeavor changed the title [Draft] [flytekit] Polish - Secrets [flytekit] Polish - Secrets Jan 17, 2025
@arbaobao
Copy link

#take

@arbaobao
Copy link

Hi @wild-endeavor,

I noticed that adding env_name to Secret has already been completed by Thomas. There are still several tasks that need to be completed.

  1. Rename secret_requests argument to secrets for task / eager / dynamic.
  2. Create a method called get_secret to improve accessing
    • different orders between get_secret and Secret <-- Is this what we are expecting to do?

Is there anything missing or misunderstood?

cc @thomasjpfan @cosmicBboy @granthamtaylor

@thomasjpfan
Copy link
Member

Yup those are the two items left. I would do them as separate PRs.

different orders between get_secret and Secret <-- Is this what we are expecting to do?

I agree it'll be too confusing for get_secret to have a different order. I think the quick way to do it is to force get_secret to be keyword only:

def get_secret(*, key: str, group: str=None):
    ...

This way, the user is forced to write get_secret(key="abc"). The order does not matter because keyword only forbids positional arguments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backlogged For internal use. Reserved for contributor team workflow.
Projects
Status: Backlog
Development

No branches or pull requests

6 participants