ashb commented on pull request #8889: URL: https://github.com/apache/airflow/pull/8889#issuecomment-631393939
This is a -1 from me -- it is a hugely overlapping feature with the Secrets backend, and makes it harder for users to configure/know which one to use > I don't think we should extend SecretBackend to support write due to security concerns. What security concerns? Please be specific. All of the "real" secrets backends (Vault, AWS, GCP etc) allow fairly tight and granular control of permissions extnerally to Airflow, so if people want to use Vault and not let Airflow manage it then they can deny permissions there. Additionally we could have a (default) flag to the secrets backends of `readonly=True` so that we don't allow editing via the Airflow UI. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
