potiuk commented on pull request #8889: URL: https://github.com/apache/airflow/pull/8889#issuecomment-631359757
@milton0825 - see the discussion I started few days ago about Secret Hooks. https://lists.apache.org/thread.html/re2bd54b0682e14fac6c767895311baf411ea10b18685474f7683a2f5%40%3Cdev.airflow.apache.org%3E I think Secret Backend is good in its support to read connections and variables - because it is there to keep the airflow configuration. What I think you want to achieve can be done via Secret Hooks - so the usual airflow mechanism to talk to external services. You could very easily write custom operators that will be using hooks to read/write secrets to secret backends. And what's best here - you will be able to use different secret backends to keep Airflow configuration and different to store such "secret" values that should be writeable. I think this is a perfect setup from the security point of view - you do not want to give write access to the secret backend that keeps Airflow configuration to all the jobs. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
