From dev-return-4431-archive-asf-public=cust-asf.ponee.io@airflow.incubator.apache.org Mon Jan 15 20:26:05 2018 Return-Path: X-Original-To: archive-asf-public@eu.ponee.io Delivered-To: archive-asf-public@eu.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by mx-eu-01.ponee.io (Postfix) with ESMTP id 176C6180657 for ; Mon, 15 Jan 2018 20:26:05 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id F2B31160C31; Mon, 15 Jan 2018 19:26:04 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 44506160C1C for ; Mon, 15 Jan 2018 20:26:04 +0100 (CET) Received: (qmail 32437 invoked by uid 500); 15 Jan 2018 19:26:03 -0000 Mailing-List: contact dev-help@airflow.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@airflow.incubator.apache.org Delivered-To: mailing list dev@airflow.incubator.apache.org Received: (qmail 32425 invoked by uid 99); 15 Jan 2018 19:26:02 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Jan 2018 19:26:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 6951C18070D for ; Mon, 15 Jan 2018 19:26:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.879 X-Spam-Level: * X-Spam-Status: No, score=1.879 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id C64XoTZheE25 for ; Mon, 15 Jan 2018 19:26:01 +0000 (UTC) Received: from mail-yw0-f179.google.com (mail-yw0-f179.google.com [209.85.161.179]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id AEFB25FAC2 for ; Mon, 15 Jan 2018 19:26:00 +0000 (UTC) Received: by mail-yw0-f179.google.com with SMTP id j128so2653663ywg.7 for ; Mon, 15 Jan 2018 11:26:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=7J8ff+H0kJlO0xiF2q23+aeqfm1ub7gmWo8pcMAoXT4=; b=jdWkt+iwObD1fGrEsusWJmbNj72MqMWTiAhPw0ElEO9PgyQ4mYtAJE50q08Xq7akrb hovTxcZeLy0XXwv/z7+5rCUEagk13hlGrOSTMXmC9Ot9yCuCmKvpx+9p6VMPVTfp8ro/ cV4SY++qoubkKORLH4vBILptIVyLmntD4CkRoMMddfhr19qJwSPVYqk4JQc3vOgb8fnk 2GNqVgVFKys81FYPPZYIBzBhSSKJ6ale9CNZKn94kCrT5kY9EeFmtgM5tMgEGU5OlXN4 hUAOJhr0gh0zaccdBqM9jA1gGFxtVlr/MGxxa1h8R+njIJCSOEWauiRLqpPwAuzwloYG nkdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=7J8ff+H0kJlO0xiF2q23+aeqfm1ub7gmWo8pcMAoXT4=; b=fIZqYCZ/V8Xv5Da1nH0MH4xqI+sDb3PPfusl43LKiNFHgV49PnZLmzyB1JIOUawhk2 Z6wsKaKQXvu2ctO2U1jmfOnZhfkV61h3uViNM6d2TRUOWJiqGTdVrpO2AGf70k7bFQPx rgWtQF5pu4irSUXs0a8KTAK7zDTjDMmgqZODlfSqoxFNqw0TV7949pflvLMGDvpM9JEM 1l2KdkIg7lkoCxR/kv3V9bzCP4wh174jw8rZeDpSfsVcvFbEVHqbGAu9DipPlDvtB7Ll q571d8YsvKtgP1CS/gHW/wbNNTBHv3rJMFqHeK2qeHyPZZClU4mT+VA3G9Nw/Ob4Arcq u5qQ== X-Gm-Message-State: AKGB3mKcPvcYuFQyoDSidh9rVV0JUPdTSF7oZ2+mauFJEPPGreT306n2 E25SQrSTXo1HCpIe07ZW4+vLoC6UP0ykkCRzSI/g+Q== X-Google-Smtp-Source: ACJfBou4g/mlW5mU8Y1TCFFlf7Q6cYxuCX8vQpqvxym3yiHQUYdjcocPdpXJnhaXu5lJUinG0e9OwO8Xl2+NH3AMIho= X-Received: by 10.129.95.66 with SMTP id t63mr32260715ywb.212.1516044353929; Mon, 15 Jan 2018 11:25:53 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Shah Altaf Date: Mon, 15 Jan 2018 19:25:43 +0000 Message-ID: Subject: Re: Credentials for accessing endpoints To: dev@airflow.incubator.apache.org Content-Type: multipart/alternative; boundary="001a1147f5a22e06e00562d59597" --001a1147f5a22e06e00562d59597 Content-Type: text/plain; charset="UTF-8" It might depend on who you're trying to secure it from. My understanding is (correct me) that the airflow connections are encrypted in the DB so it should be good enough -- just make sure you've got the crypto package and you've generated a FERNET key. See : http://airflow.readthedocs.io/en/latest/configuration.html#connections If you want to go beyond that, and suppose you're using containers, you could have a look at environment variables. There are other external secret holders like Hashicorp Vault, AWS Parameter Store... but you'll need to evaluate whether it's worth the extra setup/overhead. On Mon, Jan 15, 2018 at 7:05 PM Veeranagouda Mukkanagoudar < mukkanagoudar@gmail.com> wrote: > Hi, > > We have been using .conf/.ini files to store the credentials to access > endpoints. Wondering if there is a better and secure way to store the > credentials besides as Airflow connections in Admin console. > > -Veera > --001a1147f5a22e06e00562d59597--