Does anyone have thoughts on how to get secrets into a pytest environment? I've recently started using doppler and it provides a doppler run command to put env vars into a command, but that requires typing

doppler run pants...

and also requires allowlisting all the env vars in pants (right?)

that's what we do (

[test]
extra_env_vars = [ ... ]

And run pants inside docker or a wrapper that set the env vars from secrets

that makes sense; I am not currently running pants in docker though...

it's the same, the point is that you pass secrets through ENV

I'm mostly wondering if there is a way to set things up to not take so much plumbing

I've used env vars in

pytest.ini

. Best option probably depends (like everything), but for me it's nice because • those env vars obviously are valid only in test runs • having secrets there visible shouldn't be an issue, as test env should be isolated in any case • I can see all env vars that need to be set for tests to work in one place, and • ....it kindly suggest people should use more powerful pytest instead of vanilla unit test suite 😉 • it can be included as-is in Docker if you really need dynamic secrets in test env though, I'd consider either just reading those secrets in code if possible, or maybe use some other tool to substitute env var in

pytest.ini

, say

%%myenv%%

and a tool that replaces that string before deploying it with doppler secrets?