Having db connection string as a secret - e.g. in dotenv file

Is it possible to keep the connection string in .env file? Or are there other good practices to keep the connection string out of prodigy.json?

One option might be to use environment variable overrides. You could source a .env file that also contains export commands such that it loads a PRODIGY_CONFIG_OVERRIDES variable with settings.

For example, suppose that this is your .env file:

export PRODIGY_CONFIG_OVERRIDES='{"theme": "spacy"}'

Then you can source it.

source .env

You can then confirm the environment variable has been set.

{"theme": "spacy"}

And when I now load a demo Prodigy app, you can confirm that the theme has updated.

python -m prodigy textcat.manual issue-5975 examples.jsonl --label pos,neg

You should be able to repeat the steps but with your database settings in the PRODIGY_CONFIG_OVERRIDES environment variable.