You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/03/16 23:49:56 UTC

[GitHub] [airflow] mik-laj commented on a change in pull request #7741: [AIRFLOW-7076] Add support for HashiCorp Vault as Secrets Backend

mik-laj commented on a change in pull request #7741: [AIRFLOW-7076] Add support for HashiCorp Vault as Secrets Backend
URL: https://github.com/apache/airflow/pull/7741#discussion_r393372282
 
 

 ##########
 File path: docs/howto/connection/index.rst
 ##########
 @@ -179,6 +179,41 @@ Optionally you can supply a profile name to reference aws profile, e.g. defined
 
 The value of the SSM parameter must be the :ref:`airflow connection URI representation <generating_connection_uri>` of the connection object.
 
+.. _hashicorp_vault_secrets:
+
+Hashicorp Value Secrets Backend
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+To enable SSM parameter store, specify :py:class:`~airflow.providers.hashicorp.secrets.vault.VaultSecrets`
+as the ``backend`` in  ``[secrets]`` section of ``airflow.cfg``.
+
+Here is a sample configuration:
+
+.. code-block:: ini
+
+    [secrets]
+    backend = airflow.providers.hashicorp.secrets.vault.VaultSecrets
+    backend_kwargs = {"path": "airflow", "url": "http://127.0.0.1:8200"}
+
+You can also set and pass values to Vault client by setting environment variables. All the
+environment variables listed at https://www.vaultproject.io/docs/commands/#environment-variables are supported.
+
+Hence, if you set ``VAULT_ADDR`` environment variable like below, you do not need to pass ``url``
+key to ``backend_kwargs``:
+
+.. code-block:: bash
+
+    export VAULT_ADDR="http://127.0.0.1:8200"
+
+If you have set your path as ``airflow``, then for a connection id of ``smtp_default``, you would want to
 
 Review comment:
   Before adding information about a secret backend on this page, we only had the configuration described, which can be changed during runtime. This was information that a normal Airflow user used (User guide). We now also have information that is very specific and is not used by normal users during everyday use (Administrator Guide). Would you section this information on a new page? This page should only contain references to the new page. WDYT?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services