airflow-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] jmcarp commented on issue #4225: [AIRFLOW-3383] Rotate fernet keys.
Date Mon, 26 Nov 2018 14:54:55 GMT
jmcarp commented on issue #4225: [AIRFLOW-3383] Rotate fernet keys.
URL: https://github.com/apache/incubator-airflow/pull/4225#issuecomment-441666665
 
 
   * Agreed that it would be useful to integrate Airflow with external KMS options. But AWS/GCP/Azure KMS services don't store encrypted credentials--they store encryption keys. AWS Parameter Store and HashiCorp Vault do store secrets. Would you be interested in adding pluggable secret encryption and/or storage for Airflow 2.0? I'd be happy to contribute.
   * I think it should be possible to rotate the Fernet key without updating all credentials. Ideally users can easily automate updating all credentials, but that might not be possible--for example, users might add credentials to Airflow manually, credentials might need to be pulled from many sources, etc. And in general, it's good practice to make it possible to easily rotate any cryptographic keys.

   By the way, I also submitted #4232, which should make it easier to programmatically update credentials.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
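
Added example, not part of the original message and not the code from PR #4225: one way the rotation described in the second bullet can work, using the `cryptography` library's `MultiFernet`, where the newest key encrypts and older keys stay available for decryption. The helper names and connection IDs are hypothetical, and the stored tokens are constructed sample data.

```python
from cryptography.fernet import Fernet, MultiFernet, InvalidToken


def build_crypto(keys):
    """keys[0] encrypts new data; every key in the list may decrypt."""
    return MultiFernet([Fernet(k) for k in keys])


def rotate_stored(crypto, stored):
    """Re-encrypt each stored token under the primary key where possible.

    Returns (rows, failed_ids). A token that no configured key can decrypt
    is left untouched and reported, so one bad row does not abort the run.
    """
    rows, failed = {}, []
    for conn_id, token in stored.items():
        try:
            rows[conn_id] = crypto.rotate(token)
        except InvalidToken:
            rows[conn_id] = token
            failed.append(conn_id)
    return rows, failed


def demo():
    old_key, new_key, lost_key = (Fernet.generate_key() for _ in range(3))
    # Constructed rows standing in for encrypted connection passwords.
    stored = {
        "db_manual": Fernet(old_key).encrypt(b"added-by-hand"),
        "api_synced": Fernet(old_key).encrypt(b"pulled-from-elsewhere"),
        "orphan": Fernet(lost_key).encrypt(b"key-already-lost"),
    }
    # Step 1: deploy the new key first, keeping the old one for decryption.
    crypto = build_crypto([new_key, old_key])
    readable_before = crypto.decrypt(stored["db_manual"])  # no row touched yet
    # Step 2: re-encrypt whatever can be re-encrypted, whenever convenient.
    rows, failed = rotate_stored(crypto, stored)
    # Step 3: the old key can be retired once no row depends on it.
    new_only = build_crypto([new_key])
    return {
        "readable_before": readable_before,
        "db_manual": new_only.decrypt(rows["db_manual"]),
        "api_synced": new_only.decrypt(rows["api_synced"]),
        "failed": failed,
        "orphan_unchanged": rows["orphan"] == stored["orphan"],
    }


if __name__ == "__main__":
    print(demo())
```

The `failed` list is the check to run before retiring the old key: any row still listed there needs its credential re-entered or the missing key restored.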
