GitHub user dosubot[bot] added a comment to the discussion: How to configure dbt pipeline
<!-- Greeting --> Hi @GollaSaiVenkatesh! I'm [Dosu](https://go.dosu.dev/dosubot) and Iām helping the incubator-devlake team. <!-- Answer --> To securely provide Git credentials for your dbt project's Git URL in a DevLake deployment on Kubernetes, use standard Kubernetes practices: store your credentials (like SSH keys, personal access tokens, or a .netrc file) in a Kubernetes Secret, then mount that Secret as a file or inject it as environment variables into the DevLake pod. For SSH, mount your private key at the default location (`/root/.ssh/id_rsa` or similar) and ensure the pod has the right permissions. For HTTPS with username/password or token, you can mount a `.netrc` file or set the appropriate environment variables so the `git clone` command (used by DevLake's dbt plugin) can access the repo securely. DevLake itself does not provide a built-in mechanism for handling these secrets, so this is left to your Kubernetes setup ([see code reference](https://github.com/apache/incubator-devlake/blob/2c15ad880dce830c6512fa58039527cbf4745b8b/backend/plugins/dbt/tasks/git.go)). For securely providing `profiles.yml`, create a Kubernetes Secret or ConfigMap containing your `profiles.yml` content, then mount it as a file to the path specified by the `profilesPath` option in your dbt pipeline config (or to the default project path if not specified). This ensures the file is available to the dbt process at runtime ([see code reference](https://github.com/apache/incubator-devlake/blob/2c15ad880dce830c6512fa58039527cbf4745b8b/backend/plugins/dbt/tasks/convertor.go)). If you don't provide a `profiles.yml`, DevLake can generate one using the `DB_URL` environment variable, but for custom configs, mounting your own file is the secure approach. In summary: use Kubernetes Secrets for sensitive files, mount them into your DevLake pod, and point your dbt pipeline config to the correct paths. There are no DevLake-specific instructions for this, so follow Kubernetes best practices for secret management ([deployment example](https://github.com/apache/incubator-devlake/blob/2c15ad880dce830c6512fa58039527cbf4745b8b/devops/deployment/k8s/k8s-deploy.yaml)). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/bdb3a3fc-4f68-4564-a853-b1ec2d104bd8?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/bdb3a3fc-4f68-4564-a853-b1ec2d104bd8?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/bdb3a3fc-4f68-4564-a853-b1ec2d104bd8?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/bdb3a3fc-4f68-4564-a853-b1ec2d104bd8?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/bdb3a3fc-4f68-4564-a853-b1ec2d104bd8?feedback_type=hallucination) | [Report š](https://app.dosu.dev/response-feedback/bdb3a3fc-4f68-4564-a853-b1ec2d104bd8?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/bdb3a3fc-4f68-4564-a853-b1ec2d104bd8?feedback_type=other)</sup> [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/incubator-devlake/discussions/8486) GitHub link: https://github.com/apache/incubator-devlake/discussions/8486#discussioncomment-13621152 ---- This is an automatically sent email for dev@devlake.apache.org. To unsubscribe, please send an email to: dev-unsubscr...@devlake.apache.org
