airflow.providers.amazon.aws.secrets.secrets_manager

Objects relating to sourcing secrets from AWS Secrets Manager

Module Contents

class airflow.providers.amazon.aws.secrets.secrets_manager.SecretsManagerBackend(connections_prefix: str = 'airflow/connections', variables_prefix: str = 'airflow/variables', config_prefix: str = 'airflow/config', profile_name: Optional[str] = None, sep: str = '/', **kwargs)[source]

Bases: airflow.secrets.BaseSecretsBackend, airflow.utils.log.logging_mixin.LoggingMixin

Retrieves Connection or Variables from AWS Secrets Manager

Configurable via airflow.cfg like so:

[secrets]
backend = airflow.providers.amazon.aws.secrets.secrets_manager.SecretsManagerBackend
backend_kwargs = {"connections_prefix": "airflow/connections"}

For example, if secrets prefix is airflow/connections/smtp_default, this would be accessible if you provide {"connections_prefix": "airflow/connections"} and request conn_id smtp_default. If variables prefix is airflow/variables/hello, this would be accessible if you provide {"variables_prefix": "airflow/variables"} and request variable key hello. And if config_prefix is airflow/config/sql_alchemy_conn, this would be accessible if you provide {"config_prefix": "airflow/config"} and request config key sql_alchemy_conn.

You can also pass additional keyword arguments like aws_secret_access_key, aws_access_key_id or region_name to this class and they would be passed on to Boto3 client.

Parameters

  • connections_prefix (str) – Specifies the prefix of the secret to read to get Connections. If set to None (null), requests for connections will not be sent to AWS Secrets Manager

  • variables_prefix (str) – Specifies the prefix of the secret to read to get Variables. If set to None (null), requests for variables will not be sent to AWS Secrets Manager

  • config_prefix (str) – Specifies the prefix of the secret to read to get Configurations. If set to None (null), requests for configurations will not be sent to AWS Secrets Manager

  • profile_name (str) – The name of a profile to use. If not given, then the default profile is used.

  • sep (str) – separator used to concatenate secret_prefix and secret_id. Default: “/”

client(self)[source]

Create a Secrets Manager client

get_conn_uri(self, conn_id: str)[source]

Get Connection Value

Parameters

conn_id (str) – connection id

get_variable(self, key: str)[source]

Get Airflow Variable

Parameters

key – Variable Key

Returns

Variable Value

get_config(self, key: str)[source]

Get Airflow Configuration

Parameters

key – Configuration Option Key

Returns

Configuration Option Value

_get_secret(self, path_prefix: str, secret_id: str)[source]

Get secret value from Secrets Manager

Parameters

  • path_prefix (str) – Prefix for the Path to get Secret

  • secret_id (str) – Secret Key

Was this entry helpful?