potiuk commented on pull request #8889: URL: https://github.com/apache/airflow/pull/8889#issuecomment-631438618
@ashb -> Understood. Agree. And I understand the concerns. Ans I agree that if the configuration for Airlfow is going to be managed by the UI (And readonly set fo False), then it's OK to use existing Secret Backend to do writes. I can easily imagine both cases a) readonly = True - where all the secrets are managed externally b) readonly = False - where the Airflow UI is used to do it I think current vault Implementation (correct me if I am wrong) are "all-or-nothing" so you can't configure read/write separately for different keys/groups of keys so I think this is the biggest granularity you can do (readonly flag for whole installation). But I think it's good enough. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
