potiuk commented on a change in pull request #19164:
URL: https://github.com/apache/airflow/pull/19164#discussion_r736671295



##########
File path: airflow/providers/google/cloud/utils/credentials_provider.py
##########
@@ -283,6 +289,31 @@ def _get_credentials_using_key_path(self):
         project_id = credentials.project_id
         return credentials, project_id
 
+    def _get_credentials_using_key_secret_name(self):
+        self._log_debug('Getting connection using JSON key data from GCP 
secret: %s', self.key_secret_name)
+
+        # Use ADC to access GCP Secret Manager.
+        adc_credentials, adc_project_id = 
google.auth.default(scopes=self.scopes)
+        secret_manager_client = 
_SecretManagerClient(credentials=adc_credentials)
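
Review bot: The `google.auth.default(scopes=self.scopes)` call reuses the connection's own scopes for the ADC credentials that read Secret Manager, so a connection configured with narrow scopes may be unable to fetch its own key. Consider requesting a scope for the Secret Manager read independently of `self.scopes`. `adc_project_id` is bound here but not used in the visible lines; if it stays unused, replace it with `_`. The method would also benefit from a docstring stating that the ADC identity needs read access to the secret named by `key_secret_name`, since that access becomes the trust boundary for the service account key.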

Review comment:
       I kind of agree with @keze - that this is a rather valid use case, I 
think. Indeed specific to a GCP with metaserver, and there can be in this case 
some cases where impersonation is either impossible or not yet implemented. Not 
the most secure way but I agree that it's a bit more secure than just storing 
the SA key directly.



