Wilson Lian created AIRFLOW-2062: ------------------------------------ Summary: Support just-in-time decryption of Connection credentials in GoogleCloudBaseHook Key: AIRFLOW-2062 URL: https://issues.apache.org/jira/browse/AIRFLOW-2062 Project: Apache Airflow Issue Type: Improvement Components: contrib Reporter: Wilson Lian
This entails adding a connection extra field to store a path to a GCP Cloud KMS cryptoKey to be used for decryption. To avoid a chicken and egg problem, the cryptoKey must be accessible using application default credentials. In the meantime, a workaround is to create a subclass of SubDagOperator in which the "business" task depends on a task that decrypts the key, places it into a temp file in shared storage, and sets up a new Airflow Connection referencing it; and afterwards another task deletes the temp file and Airflow Connection -- This message was sent by Atlassian JIRA (v7.6.3#76005)