Hey outbounds folks 👋 Question re: the production token We've been working on a flow that automates the process of running the

create

metaflow command. We're doing this so 1) engineers are not deploying from their laptops and 2) we have argo workflows checked into our gitops repo. We have some existing metaflow production flows that were deployed by a user we'd like to port to our gitops repo as well. However, we're hitting the below problem

There is an existing version of minimumflow.prod.minimumflow on Argo Workflows which was deployed by the user

The best we can think of to resolve the issue are to add each token as a secret, or to ask devs to input them as parameters each time they run the workflow. Both solutions are kind of ugly. • These tokens seem unsafe to check into source control. Would it be better to add them as secrets? • Do you have any other suggestions on 1/2? Edit - I do see "They need to use the

--authorize

option only once. Metaflow stores the token for them after the first deployment, so they need to do this only once." in the docs. Does this mean the production token is always stored on the user's device locally or is there an authorization component?