kaxil commented on pull request #8889: URL: https://github.com/apache/airflow/pull/8889#issuecomment-631565244
> I can see people wanting to store connections in (Hashicorp) Vault, but still allow Admins/Ops in the cluster to edit Variables, or add new connections; but they just then store it in Vault so they know how it is secured; that secrets are all in a single place etc. Vaults are more often than not automated using Terraform or either Ansible. Anything in Airflow that writes a secret to a Vault or a Secret Manager would be visible somewhere in the UI (Code View if directly writing using DAG, Xcom if that secret is retrieved from any other location and passed on to a task etc that write to Secret Manager). Anyways, whether or not to have "write"/"put" method for Secret Backend is a separate discussion. But -1 for me too for this PR, no need for a separate backend for Variable. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
