[ https://issues.apache.org/jira/browse/AIRFLOW-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15269939#comment-15269939 ]
Siddharth Anand commented on AIRFLOW-45:
----------------------------------------

[~criccomini] I agree the pendulum is currently at one extreme and I would like to not see it swing the other way but instead settle somewhere in the middle until a better solution can be reached.

Currently, the entire Airflow app is located at `/admin/`. As such, all DAGs and DAG specific UI functionality, which can be considered as user-specific, is shared in the same UI space as admin-specific functionality (e.g. Variables, Connections, Configuration). In other words, there is no separation between Admin and User functionality. As an admin, I would like to see both connection and variable information.

Currently, at Airbnb and Agari and a few other places, a reverse proxy sits in front of Airflow to only allow authenticated access to Airflow. Hence, only intended users can access it - e.g. engineers in the data team. Granted, they have access to everything - they are essentially admins. We do support encryption of Variable and Connection's Extra fields in the DB, so that people with access to the DB but who do not have access to the admin UI cannot access them.

This is just a statement of the current state, not a statement of the ideal state. We should ideally break the app into separate admin and user functional areas. As you point out, the variables are still accessible within the DAGs.

We have a requirement to make the variable value visible without clicking on the edit button. This goes against your requirement. I think we should have a configuration variable to hide/expose the encrypted values in the UI for both Variables and Connections. It should likely affect all Variables and/or Connections in a given Airflow installation and not be DAG specific.

> Support hidden Airflow variables
> --------------------------------
>
>                 Key: AIRFLOW-45
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-45
>             Project: Apache Airflow
>          Issue Type: Improvement
>          Components: security
>            Reporter: Chris Riccomini
>            Assignee: Matthew Chen
>
> We have a use case where someone wants to set a variable for their DAG, but
> they don't want it visible via the UI. I see that variables are encrypted in
> the DB (if the crypto package is installed), but the variables are still
> visible via the UI, which is a little annoying.
> Obviously, this is not 100% secure, since you can still create a DAG to read
> the variable, but it will at least keep arbitrary users from logging
> in/loading the UI and seeing the variable.
> I propose basically handling this the same way that DB hook passwords are
> handled. Don't show them in the UI when the edit button is clicked, but allow
> the variables to be editable.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
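
The behaviour discussed in this thread, sketched as an added example that is not Airflow's code: one installation-wide flag masks encrypted values in the UI, while the edit form still works without revealing the stored value. Every name here (`hide_encrypted`, `Variable`, `display_value`, `apply_edit`) is hypothetical.

```python
# Added illustration; all names are hypothetical, not Airflow's code or config.
from dataclasses import dataclass

MASK = "********"  # placeholder shown instead of a hidden value


@dataclass
class Variable:
    key: str
    value: str
    is_encrypted: bool  # True when the value is stored encrypted in the DB


def display_value(var: Variable, hide_encrypted: bool) -> str:
    """Value shown in the list view and pre-filled in the edit form."""
    if hide_encrypted and var.is_encrypted:
        return MASK
    return var.value


def apply_edit(var: Variable, submitted: str, hide_encrypted: bool) -> Variable:
    """Apply an edit-form submission without revealing the old value.

    A hidden value is pre-filled as MASK, so a submission that is empty or
    still equals MASK means "unchanged"; otherwise saving the form would
    overwrite the stored secret with the placeholder. The cost is that MASK
    itself cannot be stored as a value while hiding is on.
    """
    hidden = hide_encrypted and var.is_encrypted
    if hidden and submitted in ("", MASK):
        return var
    return Variable(var.key, submitted, var.is_encrypted)


def demo():
    # Constructed sample data.
    secret = Variable("api_token", "constructed-sample-value", True)
    plain = Variable("batch_size", "500", False)
    rows = {hide: [display_value(v, hide) for v in (secret, plain)]
            for hide in (False, True)}
    kept = apply_edit(secret, MASK, hide_encrypted=True)
    changed = apply_edit(secret, "new-sample-value", hide_encrypted=True)
    return rows, kept.value, changed.value


if __name__ == "__main__":
    print(demo())
```

As the issue description notes, this only limits what the UI displays; a DAG can still read the variable.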