[GitHub] [airflow] portoedu opened a new issue, #28898: A way to set an environment variable as a sensible config

Thu, 12 Jan 2023 12:11:47 -0800 


portoedu opened a new issue, #28898:
URL: https://github.com/apache/airflow/issues/28898

   ### Description
   
   A way to set an environment variable as a sensible config so that airflow 
hides it in the configuration page.
   
   ### Use case/motivation
   
   For security measures, we set the AIRFLOW__WEBSERVER__EXPOSE_CONFIG to 
non-sensitive-only so that Airflow hides a lot of information in the 
Configuration web page (there are a lot of non sensible information that is 
also being hidden).
   
   We use an authentication provider for the login and there are some 
parameters that we need to set for this to work, a few examples of these 
parameters are "client_id" and "client_secret". Since we set this using env 
vars, the straightforward and simple way is to set the section as auth (or 
something similar) and the name to the required parameter.
   An example is AIRFLOW__GENERIC_OAUTH__CLIENT_ID that we use to set the 
client_id parameter of auth.
   
   But here's the problem, airflow hides all of these auth env vars parameters 
except "AIRFLOW__GENERIC_OAUTH__CLIENT_SECRET". After a lot of research we 
couldn't find a way to set this information as sensible to the airflow 
configuration, we only could set the AIRFLOW__CORE__SENSITIVE_VAR_CONN_NAMES 
that doesn't work for the configuration page. 
   
   Then, we found this documentation 
(https://airflow.apache.org/docs/apache-airflow/2.4.2/howto/set-config.html) 
which says that if we append _secret to a env var airflow will considers it as 
a connection string to be used at runtime.  
   
   We are using the airflow version 2.4.2.
   
   Work Around: Don't use environment variables that ends with _secret (or 
_cmd), instead use _sekret or _token.
   
   ### Related issues
   
   _No response_
   
   ### Are you willing to submit a PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of 
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to