Overview
Environment variables are securely stored in HashiCorp Vault and used to configure your dbt profiles.yml file. This allows you to keep sensitive credentials separate from your code while maintaining secure access to your data sources.
How It Works
When you set up environment variables in TensorStax:
- Secure Storage: All environment variables are encrypted and stored in HashiCorp Vault
- Automatic Integration: Variables are automatically injected into your dbt runtime environment
- Profile Configuration: Your profiles.yml file references these variables using the env_var() function
Setting Environment Variables
Navigate to your dbt project settings and add the required environment variables for your data source connections. Common variables include:
- Database credentials (username, password)
- Connection details (account, warehouse, database)
- Role and schema information
Example profiles.yml Configuration
Here’s how your profiles.yml file would reference the environment variables:
Security Benefits
Encrypted Storage
All environment variables are encrypted at rest in HashiCorp Vault.
Access Control
Role-based access controls determine who can view or modify variables.
Best Practices
Variable Naming Convention
Use clear, descriptive names with prefixes to identify the service:
- DBT_SNOWFLAKE_ACCOUNT
- DBT_POSTGRES_HOST
- DBT_BIGQUERY_PROJECT
Regular Rotation
Regularly rotate sensitive credentials like passwords and API keys for enhanced security.
Minimal Exposure
Only set the environment variables that are actually needed for your dbt project.
Team Access
Grant environment variable access only to team members who need it for their work.
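The following is an added example, not TensorStax's or dbt's own code: a small audit that checks a profiles.yml against the practices above (secrets only via env_var(), DBT_-prefixed names, no unused variables set). The embedded profile is constructed, and the variable names other than DBT_SNOWFLAKE_ACCOUNT, the sensitive-key list and the function name audit_profile are assumptions.

```python
import re

# Constructed sample profiles.yml (not from the original page). Variable
# names other than DBT_SNOWFLAKE_ACCOUNT are assumed, following the prefix rule.
SAMPLE_PROFILE = """\
my_project:
  target: prod
  outputs:
    prod:
      type: snowflake
      account: "{{ env_var('DBT_SNOWFLAKE_ACCOUNT') }}"
      user: "{{ env_var('DBT_SNOWFLAKE_USER') }}"
      password: "{{ env_var('DBT_SNOWFLAKE_PASSWORD') }}"
      role: "{{ env_var('DBT_SNOWFLAKE_ROLE') }}"
      warehouse: "{{ env_var('DBT_SNOWFLAKE_WAREHOUSE') }}"
      database: "{{ env_var('DBT_SNOWFLAKE_DATABASE') }}"
      schema: "{{ env_var('DBT_SNOWFLAKE_SCHEMA') }}"
"""

ENV_VAR_RE = re.compile(r"env_var\(\s*['\"]([A-Za-z_][A-Za-z0-9_]*)['\"]")
KEY_VALUE_RE = re.compile(r"^\s*([A-Za-z_]+):\s*(\S.*)$")
# Assumed, illustrative list of keys whose values must never be literals.
SENSITIVE_KEYS = {"password", "token", "private_key", "client_secret"}

def audit_profile(profile_text, environ):
    """Report hardcoded secrets and mismatches between profile and environment."""
    referenced = set(ENV_VAR_RE.findall(profile_text))
    hardcoded = [
        m.group(1)
        for m in map(KEY_VALUE_RE.match, profile_text.splitlines())
        if m and m.group(1) in SENSITIVE_KEYS and "env_var(" not in m.group(2)
    ]
    defined = {name for name in environ if name.startswith("DBT_")}
    return {
        "hardcoded_secrets": hardcoded,                       # literals in the file
        "missing": sorted(referenced - set(environ)),         # referenced, not set
        "unused": sorted(defined - referenced),               # set, never referenced
        "unprefixed": sorted(v for v in referenced if not v.startswith("DBT_")),
    }

if __name__ == "__main__":
    # Constructed environment: one variable missing, one set but unused.
    env = {"DBT_SNOWFLAKE_ACCOUNT": "x", "DBT_SNOWFLAKE_USER": "x",
           "DBT_SNOWFLAKE_PASSWORD": "x", "DBT_POSTGRES_HOST": "x"}
    print(audit_profile(SAMPLE_PROFILE, env))
```

Variables reported as unused are candidates for removal under Minimal Exposure; anything under hardcoded_secrets should be moved into a variable and the literal value rotated.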