airflow-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaxil Naik <kaxiln...@gmail.com>
Subject Re: Encrypted passwords in the airflow.cfg
Date Wed, 21 Apr 2021 13:16:33 GMT
Yeah like XD said, you can use Environment Variables or use *_cmd* or *_secret
*vars to get value from running a command or from Secrets Backend,
check https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html
<https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html>this
out.

The following config options support the _cmd and _secret version:

   -

   sql_alchemy_conn in [core] section
   -

   fernet_key in [core] section
   -

   broker_url in [celery] section
   -

   flower_basic_auth in [celery] section
   -

   result_backend in [celery] section
   -

   password in [atlas] section
   -

   smtp_password in [smtp] section
   -

   secret_key in [webserver] section


On Wed, Apr 21, 2021 at 1:58 PM David Harris <dharris@caci.co.uk> wrote:

> It’s also possible to just use any environment variable you want in the
> .cfg file.
>
>
>
> e.g. Our config for this is…
>
>
>
> sql_alchemy_conn = postgresql+psycopg2://$PG_USER_ME:$PG_PW_ME@ken-db-02
> /npdairflow
>
>
>
>
>
>
>
> *From:* Xiaodong Deng <xddeng@apache.org>
> *Sent:* 21 April 2021 09:03
> *To:* dev@airflow.apache.org
> *Cc:* users@airflow.apache.org
> *Subject:* Re: Encrypted passwords in the airflow.cfg
>
>
>
> CAUTION: This email originated from outside of CACI. Do not click links
> or open attachments unless you recognise the sender and know the content is
> safe.
>
> "Encrypt them in the airflow.cfg" may not be feasible.
>
>
>
> Maybe you want to try using environment variables for these
> configuration items instead, which addresses security concerns at some
> level.
>
>
>
> These documentation pages below may be helpful:
>
> -
> https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#sql-alchemy-conn
>
> -
> https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#envvar-AIRFLOW__-SECTION-__-KEY-_CMD
>
> -
> https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#envvar-AIRFLOW__-SECTION-__-KEY-_SECRET
>
>
>
>
>
> Regards,
>
> XD
>
>
>
> On Wed, Apr 21, 2021 at 9:45 AM Mehmet - <mehmet.ersoy1418@gmail.com>
> wrote:
>
> Hi Team,
>
>
>
> Is it possible to keep sql_alchemy_conn and ldap-bind_user passwords
> encrypted in the airflow.cfg?
>
>
>
> Thank you.
>
> --
>
> Mehmet ERSOY
>
>
> This electronic message contains information from CACI International Inc or
> subsidiary companies, which may be confidential, proprietary,
> privileged or otherwise protected from disclosure.  The information is
> intended to be used solely by the recipient(s) named above.  If you are not
> an intended recipient, be aware that any review, disclosure, copying,
> distribution or use of this transmission or its contents is prohibited.  If
> you have received this transmission in error, please notify us immediately
> at postmaster@caci.co.uk
> Viruses: Although we have taken steps to ensure that this e-mail and
> attachments are free from any virus, we advise that in keeping with good
> computing practice the recipient should ensure they are actually virus
> free.
>
> CACI Limited. Registered in England & Wales. Registration No. 1649776.
> CACI House, Avonmore Road, London, W14 8TS
>

Mime
View raw message