Hi Airflow community, I would like to propose adding a new community provider for **Akeyless Vault Platform** to the Apache Airflow monorepo.

## What is Akeyless?

Akeyless (https://www.akeyless.io/) is a SaaS-based secrets management and zero-trust access platform used by thousands of organizations for:

- **Static secrets management** (key/value secrets, similar to Vault KV)
- **Dynamic secrets** (just-in-time credentials for databases, cloud providers, Kubernetes, etc.)
- **Rotated secrets** (automatic credential rotation)
- **Zero-trust access** (SSH, RDP, Kubernetes, database access via ephemeral credentials)

Akeyless is increasingly used alongside Airflow in data engineering workflows where secrets need to be injected into DAGs at runtime. Today there is **no existing Airflow provider** for Akeyless — users must manually call the Akeyless SDK inside PythonOperator tasks, which is error-prone and doesn't integrate with Airflow's secrets backend or connection management.

## What the provider includes

| Component | Class |
|---|---|
| **Hook** | `airflow.providers.akeyless.hooks.akeyless.AkeylessHook` |
| **Connection type** | `akeyless` (custom UI fields for 8 auth methods) |
| **Secrets Backend** | `airflow.providers.akeyless.secrets.akeyless.AkeylessBackend` |

### AkeylessHook capabilities

- Get static secret values (single and batch)
- Create / update / delete secrets
- List and describe items
- Generate dynamic secret values (database credentials, cloud keys, etc.)
- Retrieve rotated secret values
- Supports all Akeyless authentication methods: API Key, AWS IAM, GCP, Azure AD, Universal Identity, JWT/OIDC, Kubernetes, Certificate

### AkeylessBackend (Secrets Backend)

- Sources Airflow **Connections**, **Variables**, and **Configuration** from Akeyless — drop-in replacement pattern identical to the HashiCorp Vault backend
- Supports URI, JSON dict, and `conn_uri` formats for connections
- Configurable path prefixes and separators

### Connection type

Custom connection form in the Airflow UI with dedicated fields for: Access ID, Access Key, API URL, Access Type, UID Token, GCP Audience, Azure Object ID, JWT, K8s Auth Config Name, Certificate/Key PEM data.

## Dependencies

- `akeyless>=5.0.0` (Apache 2.0 licensed, actively maintained, ~350K monthly PyPI downloads)
- Optional: `akeyless_cloud_id` for AWS/GCP/Azure cloud-based auth

## Proposed stewards

- Barak Abekasis (@baraka-akeyless) — Akeyless integrations team
- Dean Sher (@deanshak) - Product Architect

We are committed to maintaining this provider per the AIP-95 governance framework, including timely PR reviews, issue resolution, and quarterly updates.

## PR

The implementation is ready at: https://github.com/apache/airflow/pull/64754

The provider follows the monorepo structure (`providers/akeyless/`) with:

- Full RST documentation (connection guide, secrets backend guide, changelog)
- Unit tests for hook, secrets backend, and internal client validation
- Example system test DAG
- `provider.yaml` with connection field schema

Looking forward to your feedback.

Kind regards,

Barak Abekasis
Solution Architect, Akeyless
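
As an added illustration (not code from the proposed provider, the PR, or Akeyless), the sketch below shows how a secrets backend can resolve a connection from a prefixed path and accept the three stored formats the message lists: a URI, a JSON dict, and a `conn_uri` wrapper. The in-memory store, the `/airflow/connections` prefix, the secret names and all function names are constructed assumptions.

```python
import json
from urllib.parse import urlsplit, unquote

FIELDS = ("conn_type", "host", "login", "password", "port", "schema")
URI = "postgres://etl:s3cr%40t@db.internal:5432/warehouse"  # constructed sample

# Constructed stand-in for the remote secret store (hypothetical paths/values).
FAKE_STORE = {
    "/airflow/connections/pg_uri": URI,
    "/airflow/connections/pg_json": json.dumps({
        "conn_type": "postgres", "host": "db.internal", "login": "etl",
        "password": "s3cr@t", "port": 5432, "schema": "warehouse"}),
    "/airflow/connections/pg_wrapped": json.dumps({"conn_uri": URI}),
}

def build_path(prefix, sep, name):
    """Join prefix and secret name with exactly one separator."""
    return f"{prefix.rstrip(sep)}{sep}{name}"

def parse_uri(uri):
    """Split a connection URI into fields, percent-decoding the credentials."""
    p = urlsplit(uri)
    if not p.scheme or not p.hostname:
        raise ValueError("stored value is not a connection URI")
    return {
        "conn_type": p.scheme, "host": p.hostname,
        "login": unquote(p.username) if p.username else None,
        "password": unquote(p.password) if p.password else None,
        "port": p.port, "schema": p.path.lstrip("/") or None,
    }

def get_connection(conn_id, prefix="/airflow/connections", sep="/"):
    """Return normalized connection fields, or None if the secret is absent."""
    raw = FAKE_STORE.get(build_path(prefix, sep, conn_id))
    if raw is None:
        return None  # lets the caller fall through to the next backend
    try:
        data = json.loads(raw)
    except json.JSONDecodeError:
        return parse_uri(raw)              # format 1: bare URI string
    if not isinstance(data, dict):
        raise ValueError("JSON secret must be an object")
    if "conn_uri" in data:
        return parse_uri(data["conn_uri"])  # format 3: {"conn_uri": "..."}
    unknown = set(data) - set(FIELDS)
    if unknown:  # report key names only, never the secret values
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    return {k: data.get(k) for k in FIELDS}  # format 2: JSON dict of fields
```

Errors raised here name only field keys, so a malformed secret does not leak its value into task logs.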
