Secure dbt profile which holds password

dbt profile holds passwords for db, what are some of the options to secure this file while the dbt has access to this file.

Can the profile be encrypted and let dbt decrypt?


You can set the password in environment variables and the dbt profile will get them automatically using env_var() function.

Reference: env_var | dbt Docs

We generally use AWS KMS encryption for dbt profile file before adding it to version control, and while running DBT in AWS codebuild we decrypt the profile file. In general there is a shell script doing these operations. This way we keep our dev and prod profiles separated.

1 Like

These ist helpful. Thanks! :+1: