airflow-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Crawford <>
Subject hiding aws secret key in connections
Date Tue, 19 Sep 2017 00:03:17 GMT

I was wondering if anything had ever been proposed for having the aws secret key hidden in
the aws type connection.

Currently passing in these credentials is done by defining the some json in the extra params
section of the connection like
{"aws_access_key_id":"_your_aws_access_key_id_", "aws_secret_access_key": "_your_aws_secret_access_key_”}

While this does work it leaves the secret access key in plain text for anyone that has access
to the connections.

I know there are other options about setting them as environment variables, but this doesn’t
help if we need to define more than one aws connection with different access keys.

Two things that immediately came to mind for how to do this:

1.  use login and password sections of the connection for the access and secret keys so that
the secret gets hidden and encrypted like all the other passwords.
2. have an option to encrypt the extra params 

Option 1 seems most logical and should be too hard to implement.

Open to any ideas people might have on this.

View raw message