[ https://issues.apache.org/jira/browse/AIRFLOW-2062?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wilson Lian updated AIRFLOW-2062: --------------------------------- Description: This effort targets containerized tasks (e.g., those launched by KubernetesExecutor). Under that paradigm, each task could potentially operate under different credentials, and fine-grained Connection encryption will enable an administrator to restrict which connections can be accessed by which tasks. (was: This entails adding columns to the Connection table to store connection extra field to store a path to a GCP Cloud KMS cryptoKey to be used for decryption. To avoid a chicken and egg problem, the cryptoKey must be accessible using application default credentials. In the meantime, a workaround is to create a subclass of SubDagOperator in which the "business" task depends on a task that decrypts the key, places it into a temp file in shared storage, and sets up a new Airflow Connection referencing it; and afterwards another task deletes the temp file and Airflow Connection) Summary: Support fine-grained Connection encryption (was: Support just-in-time decryption of Connection credentials) > Support fine-grained Connection encryption > ------------------------------------------ > > Key: AIRFLOW-2062 > URL: https://issues.apache.org/jira/browse/AIRFLOW-2062 > Project: Apache Airflow > Issue Type: Improvement > Components: contrib > Reporter: Wilson Lian > Priority: Minor > > This effort targets containerized tasks (e.g., those launched by > KubernetesExecutor). Under that paradigm, each task could potentially operate > under different credentials, and fine-grained Connection encryption will > enable an administrator to restrict which connections can be accessed by > which tasks. -- This message was sent by Atlassian JIRA (v7.6.3#76005)