[
https://issues.apache.org/jira/browse/AIRFLOW-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15270788#comment-15270788
]
Siddharth Anand commented on AIRFLOW-45:
----------------------------------------
Agreed, we really don't have a very secure solution, but it also not fully
optimized for visibility. For example, @stranbird had committed a change to
decrypt the "Extra" connection field. We would like to do the same on the
Variable one as well as show the variable value on the main Variables page
without requiring someone to click the edit button. We can make that
configurable, but set the default to "show".
> Support hidden Airflow variables
> --------------------------------
>
> Key: AIRFLOW-45
> URL: https://issues.apache.org/jira/browse/AIRFLOW-45
> Project: Apache Airflow
> Issue Type: Improvement
> Components: security
> Reporter: Chris Riccomini
> Assignee: Matthew Chen
>
> We have a use case where someone wants to set a variable for their DAG, but
> they don't want it visible via the UI. I see that variables are encrypted in
> the DB (if the crypto package is installed), but the variables are still
> visible via the UI, which is a little annoying.
> Obviously, this is not 100% secure, since you can still create a DAG to read
> the variable, but it will at least keep arbitrary users from logging
> in/loading the UI and seeing the variable.
> I propose basically handling this the same way that DB hook passwords are
> handled. Don't show them in the UI when the edit button is clicked, but allow
> the variables to be editable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
