[
https://issues.apache.org/jira/browse/AIRFLOW-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15287048#comment-15287048
]
Chris Riccomini commented on AIRFLOW-45:
----------------------------------------
{quote}
I'd have to go change the config whenever I do this, which is kind of annoying
{quote}
(Yes, quoting myself :)). Perhaps not. As long as the regex was something like
'.*secret.*', and I stuck to that as a naming convention, I'd be fine. Still,
to limit burden on [~cheny258], I'd like to keep the regex to a separate
ticket. I'll open it up after this one is closed off. [~withnale]/[~sanand],
does that sounds OK?
> Support hidden Airflow variables
> --------------------------------
>
> Key: AIRFLOW-45
> URL: https://issues.apache.org/jira/browse/AIRFLOW-45
> Project: Apache Airflow
> Issue Type: Improvement
> Components: security
> Reporter: Chris Riccomini
> Assignee: Matthew Chen
>
> We have a use case where someone wants to set a variable for their DAG, but
> they don't want it visible via the UI. I see that variables are encrypted in
> the DB (if the crypto package is installed), but the variables are still
> visible via the UI, which is a little annoying.
> Obviously, this is not 100% secure, since you can still create a DAG to read
> the variable, but it will at least keep arbitrary users from logging
> in/loading the UI and seeing the variable.
> I propose basically handling this the same way that DB hook passwords are
> handled. Don't show them in the UI when the edit button is clicked, but allow
> the variables to be editable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
