[ https://issues.apache.org/jira/browse/AIRFLOW-654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bolke de Bruin resolved AIRFLOW-654.
------------------------------------
       Resolution: Fixed
    Fix Version/s:     (was: Airflow 1.7.1.3)
                   1.9.0

Issue resolved by pull request #2333
[https://github.com/apache/incubator-airflow/pull/2333]

> SSL for AMQP w/ Celery(Executor)
> --------------------------------
>
>                 Key: AIRFLOW-654
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-654
>             Project: Apache Airflow
>          Issue Type: Improvement
>          Components: celery, executor
>    Affects Versions: Airflow 2.0, Airflow 1.8
>         Environment: Tested on:
> Airflow 1.7.1.3, celery[auth] 4.0, et al.
>            Reporter: Michael Otte
>              Labels: patch, security
>             Fix For: 1.9.0
>
>
> Add celery ssl certs for amqp (w/ rabbitmq) encryption.  This can go in 
> celery_executor.py and set with current airflow configuration practices (e.g. 
> explicit in airflow.cfg, env var, etc.)
> tldr
> Currently, celery's AMQP messages cannot be encrypted using SSL unless an SSH 
> tunnel, VPN, or an alternative network encryption protocol is used.
> This is the only feature addition required to be able to use Airflow in an 
> end-to-end encrypted, distributed system.
> The webserver, the disk volume, etc. can be encrypted outside of Airflow with 
> good security practices (e.g. the webserver can be secured at the proxy 
> layer, GCM with AES can be used for in-state encryption, etc.) 
> Could technically use the certs from the webserver (link to commit/issue 
> comment below) if you're lazy and if the certs are issued from the same 
> certificate authority as the broker's certs.
> https://issues.apache.org/jira/browse/AIRFLOW-91?focusedCommentId=15503562&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15503562



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
