[GitHub] [airflow] mik-laj commented on a change in pull request #7741: [AIRFLOW-7076] Add support for HashiCorp Vault as Secrets Backend

Mon, 16 Mar 2020 16:50:22 -0700 

mik-laj commented on a change in pull request #7741: [AIRFLOW-7076] Add support 
for HashiCorp Vault as Secrets Backend
URL: https://github.com/apache/airflow/pull/7741#discussion_r393372282
 
 

 ##########
 File path: docs/howto/connection/index.rst
 ##########
 @@ -179,6 +179,41 @@ Optionally you can supply a profile name to reference aws 
profile, e.g. defined
 
 The value of the SSM parameter must be the :ref:`airflow connection URI 
representation <generating_connection_uri>` of the connection object.
 
+.. _hashicorp_vault_secrets:
+
+Hashicorp Value Secrets Backend
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+To enable SSM parameter store, specify 
:py:class:`~airflow.providers.hashicorp.secrets.vault.VaultSecrets`
+as the ``backend`` in  ``[secrets]`` section of ``airflow.cfg``.
+
+Here is a sample configuration:
+
+.. code-block:: ini
+
+    [secrets]
+    backend = airflow.providers.hashicorp.secrets.vault.VaultSecrets
+    backend_kwargs = {"path": "airflow", "url": "http://127.0.0.1:8200"}
+
+You can also set and pass values to Vault client by setting environment 
variables. All the
+environment variables listed at 
https://www.vaultproject.io/docs/commands/#environment-variables are supported.
+
+Hence, if you set ``VAULT_ADDR`` environment variable like below, you do not 
need to pass ``url``
+key to ``backend_kwargs``:
+
+.. code-block:: bash
+
+    export VAULT_ADDR="http://127.0.0.1:8200";
+
+If you have set your path as ``airflow``, then for a connection id of 
``smtp_default``, you would want to
 
 Review comment:
   Before adding information about a secret backend on this page, we only had 
the configuration described, which can be changed during runtime. This was 
information that a normal Airflow user used (User guide). We now also have 
information that is very specific and is not used by normal users during 
everyday use (Administrator Guide). Would you section this information on a new 
page? This page should only contain references to the new page. WDYT?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to