kaxil commented on a change in pull request #8436: URL: https://github.com/apache/airflow/pull/8436#discussion_r414134860
########## File path: docs/howto/use-alternative-secrets-backend.rst ########## @@ -52,7 +52,105 @@ Set ``backend`` to the fully qualified class name of the backend you want to ena You can provide ``backend_kwargs`` with json and it will be passed as kwargs to the ``__init__`` method of your secrets backend. -See :ref:`AWS SSM Parameter Store <ssm_parameter_store_secrets>` for an example configuration. +.. _local_filesystem_secrets: + +Local Filesystem Secrets Backend +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This backend is especially useful in the following use cases: + +* **development**: It ensures data synchronization between all terminal windows (same as databases), + and at the same time the values are retained after database restart (same as environment variable) +* **Kubernetes**: It allows you to store secrets in `Kubernetes Secrets <https://kubernetes.io/docs/concepts/configuration/secret/>`__ + or you can synchronize values using the sidecar container and + `a shared volume <https://kubernetes.io/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume/>`__ +* **JSON**: If you're tired of defining all connections using a URI - creating JSON object is easier than using URI. + +To use variable and connection from local file, specify :py:class:`~airflow.secrets.local_filesystem.LocalFilesystemBackend` +as the ``backend`` in ``[secrets]`` section of ``airflow.cfg``. + +Available parameters to ``backend_kwargs``: + +* ``variables_file_path``: File location with variables data. +* ``connections_file_path``: File location with connections data. + +Here is a sample configuration: + +.. code-block:: ini + + [secrets] + backend = airflow.secrets.local_filesystem.LocalFilesystemBackend + backend_kwargs = {"variable_file_path": "/files/var.json", "connection_file_path": "/files/conn.json"} + +Both ``JSON`` and ``.env`` files are supported. All parameters are optional. If the file path is not passed, +the backend returns an empty collection. + +Storing and Retrieving Connections +"""""""""""""""""""""""""""""""""" + +If you have set ``connections_file_path`` as ``/files/my_conn.json``, then the backend will read the +file ``/files/my_conn.json`` when it looks for connections. + +The file can be defined in ``JSON`` or ``env`` format. + +The JSON file must contain an object where the key contains the connection ID and the value contains +the definitions of one or more connections. The connection can be defined as a URL (string) or object. Review comment: ```suggestion the definitions of one or more connections. The connection can be defined as a URI (string) or JSON object. ``` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
