airflow-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Harris <dhar...@caci.co.uk>
Subject RE: Encrypted passwords in the airflow.cfg
Date Wed, 21 Apr 2021 12:58:23 GMT
It’s also possible to just use any environment variable you want in the .cfg file.

e.g. Our config for this is…

sql_alchemy_conn = postgresql+psycopg2://$PG_USER_ME:$PG_PW_ME@ken-db-02/npdairflow



From: Xiaodong Deng <xddeng@apache.org>
Sent: 21 April 2021 09:03
To: dev@airflow.apache.org
Cc: users@airflow.apache.org
Subject: Re: Encrypted passwords in the airflow.cfg

CAUTION: This email originated from outside of CACI. Do not click links or open attachments
unless you recognise the sender and know the content is safe.
"Encrypt them in the airflow.cfg" may not be feasible.

Maybe you want to try using environment variables for these configuration items instead, which
addresses security concerns at some level.

These documentation pages below may be helpful:
- https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#sql-alchemy-conn
- https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#envvar-AIRFLOW__-SECTION-__-KEY-_CMD
- https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#envvar-AIRFLOW__-SECTION-__-KEY-_SECRET


Regards,
XD

On Wed, Apr 21, 2021 at 9:45 AM Mehmet - <mehmet.ersoy1418@gmail.com<mailto:mehmet.ersoy1418@gmail.com>>
wrote:
Hi Team,

Is it possible to keep sql_alchemy_conn and ldap-bind_user passwords encrypted in the airflow.cfg?

Thank you.
--
Mehmet ERSOY
This electronic message contains information from CACI International Inc or
subsidiary companies, which may be confidential, proprietary,
privileged or otherwise protected from disclosure.  The information is
intended to be used solely by the recipient(s) named above.  If you are not
an intended recipient, be aware that any review, disclosure, copying,
distribution or use of this transmission or its contents is prohibited.  If
you have received this transmission in error, please notify us immediately
at postmaster@caci.co.uk
Viruses: Although we have taken steps to ensure that this e-mail and 
attachments are free from any virus, we advise that in keeping with good 
computing practice the recipient should ensure they are actually virus free.

CACI Limited. Registered in England & Wales. Registration No. 1649776. CACI House, Avonmore
Road, London, W14 8TS
Mime
View raw message