jscheffl commented on PR #40899: URL: https://github.com/apache/airflow/pull/40899#issuecomment-2242096870
> One small comment on that. I **think** the mechanism is cool. But we should use a different secret key - not the webserver one. Otherwise DAG authors will have access to the webserver key, which is somewhat sensitive. The Internal API key should be different.

Yes, DAG authors could have access to the secret key. But all internal API components need to have a shared secret. Even if we use any other means (adding another different key, using a specific keyfile, even if a public/private keypair is used), the DAG code has access to these details and could grab the key. A much more complex mechanism might be needed if the key should be secured, and this might impose a more complex implementation. I'd propose to take this into consideration when we go to Airflow 3, as ash also described a few mechanisms in his AIP-72 that might be used.

So, WDYT:

a) okay, LGTM
b) please use one additional key for internal API, replace webserver-key - but a static shared key in Airflow conf is okay in general
c) We need to re-think the key distribution also in Airflow 2.10 for this
