You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/08/19 18:12:20 UTC

[GitHub] [airflow] potiuk commented on a change in pull request #17448: Aws secrets manager backend

potiuk commented on a change in pull request #17448:
URL: https://github.com/apache/airflow/pull/17448#discussion_r692371810



##########
File path: docs/apache-airflow-providers-amazon/secrets-backends/aws-secrets-manager.rst
##########
@@ -71,18 +68,43 @@ Verify that you can get the secret:
         "ARN": "arn:aws:secretsmanager:us-east-2:314524341751:secret:airflow/connections/smtp_default-7meuul",
         "Name": "airflow/connections/smtp_default",
         "VersionId": "34f90eff-ea21-455a-9c8f-5ee74b21be672",
-        "SecretString": "smtps://user:host@relay.example.com:465",
+        "SecretString": "{\n  \"user\":\"nice_user\",\n  \"pass\":\"this_is_the_password\"\n,
+        \n  \"host\":\"ec2.8399.com\"\n,\n  \"port\":\"999\"\n}\n",
         "VersionStages": [
             "AWSCURRENT"
         ],
         "CreatedDate": "2020-04-08T02:10:35.132000+01:00"
     }
 
-The value of the secret must be the :ref:`connection URI representation <generating_connection_uri>`
-of the connection object.
 
 Storing and Retrieving Variables
 """"""""""""""""""""""""""""""""
 
 If you have set ``variables_prefix`` as ``airflow/variables``, then for an Variable key of ``hello``,
 you would want to store your Variable at ``airflow/variables/hello``.
+
+Optional lookup
+"""""""""""""""
+
+Optionally connections, variables, or config may be looked up exclusive of each other or in any combination.
+This will prevent requests being sent to AWS Secrets Manager for the excluded type.
+
+If you want to look up some and not others in AWS Secrets Manager you may do so by setting the relevant ``*_prefix`` parameter of the ones to be excluded as ``null``.
+
+For example, if you want to set parameter ``connections_prefix`` to ``"airflow/connections"`` and not look up variables, your configuration file should look like this:
+
+.. code-block:: ini
+
+    [secrets]
+    backend = airflow.providers.amazon.aws.secrets.secrets_manager.SecretsManagerBackend
+    backend_kwargs = {"connections_prefix": "airflow/connections", "variables_prefix": null, "profile_name": "default"}
+
+Storing Google Cloud Secrets

Review comment:
       Just checking - does AWS secret manager allows pass-through to GCP's secrets ? 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org