keze commented on a change in pull request #19164:
URL: https://github.com/apache/airflow/pull/19164#discussion_r735706319
##########
File path: airflow/providers/google/cloud/utils/credentials_provider.py
##########
@@ -283,6 +289,31 @@ def _get_credentials_using_key_path(self):
project_id = credentials.project_id
return credentials, project_id
+ def _get_credentials_using_key_secret_name(self):
+ self._log_debug('Getting connection using JSON key data from GCP
secret: %s', self.key_secret_name)
+
+ # Use ADC to access GCP Secret Manager.
+ adc_credentials, adc_project_id =
google.auth.default(scopes=self.scopes)
+ secret_manager_client =
_SecretManagerClient(credentials=adc_credentials)
Review comment:
Hi Kamil, I agree with you that using impersonation is better, but we
already have two less secure options, key file path to GCS and enconded key
data.
This is an important feature request from the Composer customer which wanted
a more secure version next to the existing two. Also, currently impersonation
doesn't work for all GCP operators
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
