airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Riccomini (JIRA)" <>
Subject [jira] [Commented] (AIRFLOW-45) Support hidden Airflow variables
Date Wed, 04 May 2016 20:41:13 GMT


Chris Riccomini commented on AIRFLOW-45:

> I think we should have a configuration variable to hide/expose the encrypted values in
the UI for both Variables and Connections. It should likely affect all Variables and/or Connections
in a given Airflow installation and not be DAG specific.

This seems OK to me. So, current proposal is:

# Add a config param to airflow.cfg called hide_encrypted_ui_fields
# Default hide_encrypted_ui_fields to true

The hide_encrypted_ui_fields param would hide `passwords` and `extras` in the hooks view,
as well as the `value` of variables in the variables view.

Does that sound OK?

> Support hidden Airflow variables
> --------------------------------
>                 Key: AIRFLOW-45
>                 URL:
>             Project: Apache Airflow
>          Issue Type: Improvement
>          Components: security
>            Reporter: Chris Riccomini
>            Assignee: Matthew Chen
> We have a use case where someone wants to set a variable for their DAG, but they don't
want it visible via the UI. I see that variables are encrypted in the DB (if the crypto package
is installed), but the variables are still visible via the UI, which is a little annoying.
> Obviously, this is not 100% secure, since you can still create a DAG to read the variable,
but it will at least keep arbitrary users from logging in/loading the UI and seeing the variable.
> I propose basically handling this the same way that DB hook passwords are handled. Don't
show them in the UI when the edit button is clicked, but allow the variables to be editable.

This message was sent by Atlassian JIRA

View raw message