Support Secrets via Environment using HydroMT

Deltares / hydromt

HydroMT: Automated and reproducible model building and analysis

https://deltares.github.io/hydromt/

MIT License

67 stars 27 forks source link

Support Secrets via Environment using HydroMT #893

Open Jaapel opened 4 months ago

Jaapel commented 4 months ago

Kind of request

Adding new functionality

Enhancement Description

Many drivers will have to use certain credentials, like passwords, keys. HydroMT should support environment variablesfrom the DataCatalog, so that people will not put credentials in their data catalogs.

Use case

reading using AWS / GCP / Azure credentials or custom APIs, databases.

Additional Context

Secrets should never be printed to the logfile or terminal

Jaapel commented 2 months ago

Using environment variables is relatively easy. Secrets files can have different formats:

SECRET1=string1
SECRET2=string2

but also json, or ini formats (or custom formats), we will implement environment variables as secrets first.

savente93 commented 2 months ago

I would like to argue strongly against the use of a custom format. Parsing is a lot of work to maintain so unless there is a very good reason, I think we ought to stay with the standard file formats.

Jaapel commented 2 months ago

Yes, that is why I would like to stick to env variables for now