jmcarp commented on issue #4225: [AIRFLOW-3383] Rotate fernet keys.
URL: https://github.com/apache/incubator-airflow/pull/4225#issuecomment-441666665

* Agreed that it would be useful to integrate Airflow with external KMS options. But AWS/GCP/Azure KMS services don't store encrypted credentials--they store encryption keys. AWS Parameter Store and Hashicorp Vault do store secrets. Would you be interested in adding pluggable secret encryption and/or storage for Airflow 2.0? I'd be happy to contribute.
* I think it should be possible to rotate the Fernet key without updating all credentials. Ideally users can easily automate updating all credentials, but that might not be possible--for example, users might add credentials to Airflow manually, credentials might need to be pulled from many sources, etc. And in general, it's good practice to make it possible to easily rotate any cryptographic keys.

By the way, I also submitted #4232, which should make it easier to programmatically update credentials.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
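The rotation property argued for in the comment above (a new Fernet key can be introduced while credentials encrypted under the old key stay readable) can be shown with `MultiFernet` from the Python `cryptography` package. This is an added example, not code from the pull request; the comma-separated key setting, the `build_crypto` and `rotate_stored` helpers, and the sample credential are assumptions constructed for illustration.

```python
from cryptography.fernet import Fernet, InvalidToken, MultiFernet


def build_crypto(fernet_key_setting: str) -> MultiFernet:
    """Build a MultiFernet from a comma-separated key list, newest key first.

    The comma-separated format is an assumption made for this example.
    MultiFernet encrypts with the first key and tries every key on decrypt.
    """
    keys = [k.strip() for k in fernet_key_setting.split(",") if k.strip()]
    return MultiFernet([Fernet(k.encode()) for k in keys])


def rotate_stored(rows: dict, crypto: MultiFernet) -> dict:
    """Re-encrypt every stored token under the primary (first) key."""
    return {name: crypto.rotate(token) for name, token in rows.items()}


def demo():
    old_key = Fernet.generate_key().decode()
    new_key = Fernet.generate_key().decode()

    # Constructed credential store: one secret encrypted under the old key.
    store = {"db_conn": Fernet(old_key.encode()).encrypt(b"constructed-password")}

    # Step 1: deploy "new,old". Existing rows still decrypt via the old key,
    # so nothing has to be re-entered before the new key goes live.
    crypto = build_crypto(f"{new_key},{old_key}")
    readable_during_rotation = crypto.decrypt(store["db_conn"])

    # Step 2: re-encrypt stored rows in place under the new key.
    store = rotate_stored(store, crypto)

    # Step 3: drop the old key from the setting. Rotated rows remain readable,
    # and the retired key can no longer decrypt them.
    readable_after = build_crypto(new_key).decrypt(store["db_conn"])
    try:
        Fernet(old_key.encode()).decrypt(store["db_conn"])
        old_key_still_works = True
    except InvalidToken:
        old_key_still_works = False

    return readable_during_rotation, readable_after, old_key_still_works


if __name__ == "__main__":
    print(demo())
```

Until step 2 has run over every row, the old key has to stay in the list; removing it early makes the remaining rows undecryptable.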
