dwreeves opened a new issue, #62359: URL: https://github.com/apache/airflow/issues/62359
### Apache Airflow Provider(s) snowflake ### Versions of Apache Airflow Providers 6.3.0+ ### Apache Airflow version 2.11 ### Operating System OSX ### Deployment Astronomer ### Deployment details I'm using `AwsSecretsManagerBackend` ### What happened In 6.3.0, the Snowflake provider swapped to requiring base64-encoded private keys. This causes my secrets to fail as-is, since I am using plaintext encrypted private keys My understanding is: the reason for this change was to support the GUI: multi-line password inputs are very hard to support. See #47003 for more discussion. I use an automated system to manage secrets in a programmatic, SSoT secret store, so the GUI isn't a limiting factor for me personally. This is true of many other people. Meanwhile, b64encoding requires me to change other code that uses this as SSoT. ### What you think should happen instead I believe that it is not very difficult to support both b64encoding **and** plaintext. It does not need to be exclusive or. Just check that the string starts with `-----BEGIN ENCRYPTED PRIVATE KEY-----`, `-----BEGIN RSA PRIVATE KEY-----`, or `-----BEGIN PRIVATE KEY-----`. If so, then b64encoding is not being used. Else, assume b64encoding. An alternate approach could be `try: except:`, but I believe it is a little more sane to just check for private key headers. ### How to reproduce Use Snowflake provider prior to 6.3, then upgrade. ### Anything else _No response_ ### Are you willing to submit PR? - [x] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
