How can I avoid having the credentials in plain text in the profiles.yml file?
You’re recommended to use Jinja templates with an ENV_VAR, e.g. {{ env_var('POSTGRES_PASSWORD') }}.
However, using container secrets, I’m getting issues converting the secret file to a value Jinja can use.
E.g. the following does not work:
{% with open('/run/secrets/pgpass','r') as f: set secret = f.read() %}
project_1:
  outputs:
    dev:
      dbname: dbt_rupert
      host: postgres
      pass: "{{ secret }}"
      port: 5432
      schema: finance
      threads: 1
      type: postgres
      user: dbt
  target: dev
In the end I used a .env file with ENV_PASS=<the password>
and in the docker-compose.yml environment stanza:
services:
  dbt:
    image: ghcr.io/dbt-labs/dbt-postgres:1.8.2
    environment:
      DBT_PASSWORD: "${ENV_PASS}"
then in your profiles.yml:
project_1:
  outputs:
    dev:
      dbname: dbt_rupert
      host: postgres
      pass: "{{ env_var('DBT_PASSWORD') }}"
      port: 5432
      schema: finance
      threads: 1
      type: postgres
      user: dbt
  target: dev
It’s not encrypted but it is hidden from submission if you use .gitignore
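
The container-secret file that the post above could not read from Jinja can be loaded before dbt starts instead. This is an added example, not part of the original post or the dbt project: a hypothetical entrypoint wrapper (`load_secret` and the `SECRET_FILE` override are names assumed here) that reads `/run/secrets/pgpass` into `DBT_PASSWORD`, so the `env_var('DBT_PASSWORD')` profile from the post works without a `.env` file.

```shell
#!/bin/sh
# Added example (not from the original post): container entrypoint wrapper.
# Reads a Docker secret file into the environment variable that
# profiles.yml consumes through env_var('DBT_PASSWORD').
set -eu

# load_secret VAR FILE  (hypothetical helper name)
# Exports VAR with the contents of FILE. Fails closed if the file is
# missing, unreadable or empty, so dbt never starts with a blank password.
load_secret() {
    var=$1
    file=$2
    if [ ! -r "$file" ]; then
        echo "secret file $file is missing or unreadable" >&2
        return 1
    fi
    # Command substitution strips the trailing newline most editors add.
    value=$(cat "$file")
    if [ -z "$value" ]; then
        echo "secret file $file is empty" >&2
        return 1
    fi
    export "$var=$value"
    unset value
}

# Path and variable name come from the thread; the SECRET_FILE override
# is an assumption added for testing outside the container.
SECRET_FILE=${SECRET_FILE:-/run/secrets/pgpass}

# Only act when invoked with a command, e.g. `entrypoint.sh dbt run`.
# exec replaces the shell, so the password lives only in dbt's environment.
if [ "$#" -gt 0 ]; then
    load_secret DBT_PASSWORD "$SECRET_FILE"
    exec "$@"
fi
```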