airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wilson Lian (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AIRFLOW-2062) Support just-in-time decryption of Connection credentials in GoogleCloudBaseHook
Date Sat, 03 Feb 2018 00:55:00 GMT
Wilson Lian created AIRFLOW-2062:
------------------------------------

             Summary: Support just-in-time decryption of Connection credentials in GoogleCloudBaseHook
                 Key: AIRFLOW-2062
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-2062
             Project: Apache Airflow
          Issue Type: Improvement
          Components: contrib
            Reporter: Wilson Lian


This entails adding a connection extra field to store a path to a GCP Cloud KMS cryptoKey
to be used for decryption.

To avoid a chicken and egg problem, the cryptoKey must be accessible using application default
credentials.

In the meantime, a workaround is to create a subclass of SubDagOperator in which the "business"
task depends on a task that decrypts the key, places it into a temp file in shared storage,
and sets up a new Airflow Connection referencing it; and afterwards another task deletes the
temp file and Airflow Connection



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message