在Airflow上存储登录凭证的最佳方法是什么? [英] What is the best way to store login credentials on Airflow?
问题描述
我发现有很多方法可以将其存储为变量,挂钩和其他使用加密的方法。我想知道什么是最好的方法。
当前有两种存储秒表的方法:
1)气流变量:如果键中包含任何单词(密码,秘密,密码,默认情况下为'authorization','api_key','apikey','access_token'),但可以将其配置为以明文形式显示,如下图所示。
但是,存在一个已知的错误,任何有权访问UI的人都可以导出所有将暴露出的变量。
2)气流连接:
您可以使用<如果您已安装 crypto
软件包( pip install apa),则Airflow连接中的strong> Passwords 字段将对该字段进行加密che-airflow [crypto]
)。密码字段将在UI中显示为空白,如屏幕快照所示。
有关确保连接安全的更多信息:
我建议使用第二种方法,即使有人可以访问UI,他/她也不会能够获取您的秘密。请记住,尽管您需要为此安装 crypto
软件包。
然后您可以按以下方式访问机密
从airflow.hooks.base_hook导入BaseHook
connection = BaseHook.get_connection(CONN_ID)
slack_token = connection.password
您可以设置 CONN_ID
作为连接的名称。
I found out there are lot of ways to store it as variables, hooks and other ways using encryption. I would like to know what's the best way to do it.
Currently there 2 ways of storing secrests:
1) Airflow Variables: Value of a variable will be hidden if the key contains any words in (‘password’, ‘secret’, ‘passwd’, ‘authorization’, ‘api_key’, ‘apikey’, ‘access_token’) by default, but can be configured to show in clear-text as shown in the image below.
However, there is a known-bug where anyone with an access to UI can export all the variables which will expose the secrets.
2) Airflow Connections:
You can use the Passwords field in Airflow connections which will encrypt that field if you had installed the crypto
package (pip install apache-airflow[crypto]
). The password field would just appear as blank in the UI as shown in the screenshot.
More on Securing connections: https://airflow.apache.org/howto/secure-connections.html
I recommend the 2nd approach as even if someone gets access to the UI, he/she won't be able to get your secrets. Keep in mind though that you need to install the crypto
package for this.
You can then access the secrets as below:
from airflow.hooks.base_hook import BaseHook
connection = BaseHook.get_connection(CONN_ID)
slack_token = connection.password
You can set the CONN_ID
as the name of your connection.
这篇关于在Airflow上存储登录凭证的最佳方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!