在Airflow上存储登录凭证的最佳方法是什么？ [英] What is the best way to store login credentials on Airflow?

问题描述

我发现有很多方法可以将其存储为变量，挂钩和其他使用加密的方法。我想知道什么是最好的方法。

解决方案

当前有两种存储秒表的方法：

1）气流变量：如果键中包含任何单词（密码，秘密，密码，默认情况下为'authorization'，'api_key'，'apikey'，'access_token'），但可以将其配置为以明文形式显示，如下图所示。

但是，存在一个已知的错误，任何有权访问UI的人都可以导出所有将暴露出的变量。

2）气流连接：

您可以使用<如果您已安装 crypto 软件包（ pip install apa），则Airflow连接中的strong> Passwords 字段将对该字段进行加密che-airflow [crypto] ）。密码字段将在UI中显示为空白，如屏幕快照所示。

有关确保连接安全的更多信息：

我建议使用第二种方法，即使有人可以访问UI，他/她也不会能够获取您的秘密。请记住，尽管您需要为此安装 crypto 软件包。

然后您可以按以下方式访问机密

 从airflow.hooks.base_hook导入BaseHook 
 
 connection = BaseHook.get_connection（CONN_ID） 
 slack_token = connection.password 
  

您可以设置 CONN_ID 作为连接的名称。

I found out there are lot of ways to store it as variables, hooks and other ways using encryption. I would like to know what's the best way to do it.

解决方案

Currently there 2 ways of storing secrests:

1) Airflow Variables: Value of a variable will be hidden if the key contains any words in (‘password’, ‘secret’, ‘passwd’, ‘authorization’, ‘api_key’, ‘apikey’, ‘access_token’) by default, but can be configured to show in clear-text as shown in the image below.

However, there is a known-bug where anyone with an access to UI can export all the variables which will expose the secrets.

2) Airflow Connections:

You can use the Passwords field in Airflow connections which will encrypt that field if you had installed the crypto package (pip install apache-airflow[crypto]). The password field would just appear as blank in the UI as shown in the screenshot.

More on Securing connections: https://airflow.apache.org/howto/secure-connections.html

I recommend the 2nd approach as even if someone gets access to the UI, he/she won't be able to get your secrets. Keep in mind though that you need to install the crypto package for this.

You can then access the secrets as below:

from airflow.hooks.base_hook import BaseHook

connection = BaseHook.get_connection(CONN_ID)
slack_token = connection.password

You can set the CONN_ID as the name of your connection.

这篇关于在Airflow上存储登录凭证的最佳方法是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！