You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When we transition to Pydantic 2 (@munrojm is working on this for much of the MP stack), we should think about a slightly more secure mechanism for storing database secrets both in Jobflow configuration files. This is specifically referring to maggma-based credentials.
My proposed recommendation is to use the secrets management features of pydantic-settings, as discussed here (also see this page). Of course, there's no way of avoiding storing some credential somewhere, but this seems like a slightly better approach. That way, if someone shares their config file with someone else without thinking (or even posts it on GitHub), their credentials won't be directly exposed.
The text was updated successfully, but these errors were encountered:
When we transition to Pydantic 2 (@munrojm is working on this for much of the MP stack), we should think about a slightly more secure mechanism for storing database secrets both in Jobflow configuration files. This is specifically referring to maggma-based credentials.
My proposed recommendation is to use the secrets management features of
pydantic-settings, as discussed here (also see this page). Of course, there's no way of avoiding storing some credential somewhere, but this seems like a slightly better approach. That way, if someone shares their config file with someone else without thinking (or even posts it on GitHub), their credentials won't be directly exposed.The text was updated successfully, but these errors were encountered: