RaphCodec commented on issue #55918: URL: https://github.com/apache/airflow/issues/55918#issuecomment-3763941966
Full disclosure: this suggestion is not mine; I found it in the articles below. The suggested proposed approach is to use a custom Airflow plugin that hooks into SQLAlchemy’s do_connect and leverages an event listener to refresh managed identity tokens on each metadata DB connection attempt. I, too, am deploying Airflow on Azure and have similar concerns about using managed identity with Postgres for the metadata DB. I haven’t tested this in production, so I can’t say how well this works. If anyone has tried this in production, it would be awesome to know if this works well. If it does work well then maybe it can be built into Airflow as a solution to the discussion thread linked above. https://medium.com/@ferdiferdiferdi/deploying-apache-airflow-in-azure-a-secured-way-0c126df3031d https://stackoverflow.com/questions/61100925/sqlalchemy-refreshable-credentials-for-iam-auth-with-boto3 Hope this helps! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
