ashb commented on code in PR #47946:
URL: https://github.com/apache/airflow/pull/47946#discussion_r2005350747
##########
airflow/config_templates/config.yml:
##########
@@ -1416,6 +1416,29 @@ api:
version_added: 2.7.0
example: ~
default: "False"
+workers:
+ description: Configuration related to workers that run Airflow tasks.
+ options:
+ secrets_backend:
+ description: |
+ Full class name of secrets backend to enable for workers (will precede
env vars backend)
+ version_added: 3.0.0
+ type: string
+ example:
"airflow.providers.amazon.aws.secrets.systems_manager.SystemsManagerParameterStoreBackend"
+ default: ""
+ secrets_backend_kwargs:
+ description: |
+ The secrets_backend_kwargs param is loaded into a dictionary and
passed to ``__init__``
+ of secrets backend class. See documentation for the secrets backend
you are using.
+ JSON is expected.
+
+ Example for AWS Systems Manager ParameterStore:
+ ``{"connections_prefix": "/airflow/connections", "profile_name":
"default"}``
+ version_added: 3.0.0
+ type: string
+ sensitive: true
+ example: ~
+ default: ""
Review Comment:
I think the runtime behaviour should be something like
```
conf.get("worker", "secrets_backend", fallback=None) or conf.get("secrets",
"backend")
```
That way you _can_ have one uniform config on all nodes but control the
behaviour on workers vs api servers differently.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
