dstandish commented on a change in pull request #6376: [AIRFLOW-5705] Add
secrets backend and support for AWS SSM
URL: https://github.com/apache/airflow/pull/6376#discussion_r390138022
##########
File path: airflow/config_templates/default_airflow.cfg
##########
@@ -248,6 +248,16 @@ dag_processor_manager_log_location =
{AIRFLOW_HOME}/logs/dag_processor_manager/d
# Default to use task handler.
task_log_reader = task
+[creds_backend]
+# List of creds backend classes to use in order of desired search path
+class_list =
airflow.creds.environment_variables.EnvironmentVariablesCredsBackend,
airflow.creds.metastore.MetastoreCredsBackend
+
+# Use when using AWS SSM /
airflow.providers.amazon.aws.creds.ssm.AwsSsmCredsBackend as creds provider
+# If prefix is ``/airflow``, then example param path is
``/airflow/AIRFLOW_CONN_SMTP_DEFAULT``
+# Use same URI format as you would with env vars, or ``conn_uri`` CLI param.
+aws_ssm_prefix = /airflow
+aws_ssm_profile_name =
Review comment:
> that said, it would be possible to implement a custom secrets backend that
just searches a list of other secrets backends specific to our requirements.
yeah because of how it would be pretty straightforward to do this kind of
thing, for me this tips the scale over to just allowing one, because doing so
makes the config simpler. the config would then just need a single item like
`creds_backend_kwargs` -- no need for configuration of search path, and no need
to namespace the individual backend-specific configuration, which would be
required for supporting multiple simultaneously.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
