Yeah like XD said, you can use Environment Variables or use *_cmd* or *_secret *vars to get value from running a command or from Secrets Backend, check https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html <https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html>this out.
The following config options support the _cmd and _secret version: - sql_alchemy_conn in [core] section - fernet_key in [core] section - broker_url in [celery] section - flower_basic_auth in [celery] section - result_backend in [celery] section - password in [atlas] section - smtp_password in [smtp] section - secret_key in [webserver] section On Wed, Apr 21, 2021 at 1:58 PM David Harris <dhar...@caci.co.uk> wrote: > It’s also possible to just use any environment variable you want in the > .cfg file. > > > > e.g. Our config for this is… > > > > sql_alchemy_conn = postgresql+psycopg2://$PG_USER_ME:$PG_PW_ME@ken-db-02 > /npdairflow > > > > > > > > *From:* Xiaodong Deng <xdd...@apache.org> > *Sent:* 21 April 2021 09:03 > *To:* d...@airflow.apache.org > *Cc:* users@airflow.apache.org > *Subject:* Re: Encrypted passwords in the airflow.cfg > > > > CAUTION: This email originated from outside of CACI. Do not click links > or open attachments unless you recognise the sender and know the content is > safe. > > "Encrypt them in the airflow.cfg" may not be feasible. > > > > Maybe you want to try using environment variables for these > configuration items instead, which addresses security concerns at some > level. > > > > These documentation pages below may be helpful: > > - > https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#sql-alchemy-conn > > - > https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#envvar-AIRFLOW__-SECTION-__-KEY-_CMD > > - > https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#envvar-AIRFLOW__-SECTION-__-KEY-_SECRET > > > > > > Regards, > > XD > > > > On Wed, Apr 21, 2021 at 9:45 AM Mehmet - <mehmet.ersoy1...@gmail.com> > wrote: > > Hi Team, > > > > Is it possible to keep sql_alchemy_conn and ldap-bind_user passwords > encrypted in the airflow.cfg? > > > > Thank you. > > -- > > Mehmet ERSOY > > > This electronic message contains information from CACI International Inc or > subsidiary companies, which may be confidential, proprietary, > privileged or otherwise protected from disclosure. The information is > intended to be used solely by the recipient(s) named above. If you are not > an intended recipient, be aware that any review, disclosure, copying, > distribution or use of this transmission or its contents is prohibited. If > you have received this transmission in error, please notify us immediately > at postmas...@caci.co.uk > Viruses: Although we have taken steps to ensure that this e-mail and > attachments are free from any virus, we advise that in keeping with good > computing practice the recipient should ensure they are actually virus > free. > > CACI Limited. Registered in England & Wales. Registration No. 1649776. > CACI House, Avonmore Road, London, W14 8TS >
