Wilson Lian created AIRFLOW-2062:
------------------------------------
Summary: Support just-in-time decryption of Connection credentials
in GoogleCloudBaseHook
Key: AIRFLOW-2062
URL: https://issues.apache.org/jira/browse/AIRFLOW-2062
Project: Apache Airflow
Issue Type: Improvement
Components: contrib
Reporter: Wilson Lian
This entails adding a connection extra field to store a path to a GCP Cloud KMS
cryptoKey to be used for decryption.
To avoid a chicken and egg problem, the cryptoKey must be accessible using
application default credentials.
In the meantime, a workaround is to create a subclass of SubDagOperator in
which the "business" task depends on a task that decrypts the key, places it
into a temp file in shared storage, and sets up a new Airflow Connection
referencing it; and afterwards another task deletes the temp file and Airflow
Connection
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
