airflow.providers.amazon.aws.secrets.secrets_manager
¶
Objects relating to sourcing secrets from AWS Secrets Manager
Module Contents¶
-
class
airflow.providers.amazon.aws.secrets.secrets_manager.
SecretsManagerBackend
(connections_prefix: str = 'airflow/connections', variables_prefix: str = 'airflow/variables', config_prefix: str = 'airflow/config', profile_name: Optional[str] = None, sep: str = '/', **kwargs)[source]¶ Bases:
airflow.secrets.BaseSecretsBackend
,airflow.utils.log.logging_mixin.LoggingMixin
Retrieves Connection or Variables from AWS Secrets Manager
Configurable via
airflow.cfg
like so:[secrets] backend = airflow.providers.amazon.aws.secrets.secrets_manager.SecretsManagerBackend backend_kwargs = {"connections_prefix": "airflow/connections"}
For example, if secrets prefix is
airflow/connections/smtp_default
, this would be accessible if you provide{"connections_prefix": "airflow/connections"}
and request conn_idsmtp_default
. If variables prefix isairflow/variables/hello
, this would be accessible if you provide{"variables_prefix": "airflow/variables"}
and request variable keyhello
. And if config_prefix isairflow/config/sql_alchemy_conn
, this would be accessible if you provide{"config_prefix": "airflow/config"}
and request config keysql_alchemy_conn
.You can also pass additional keyword arguments like
aws_secret_access_key
,aws_access_key_id
orregion_name
to this class and they would be passed on to Boto3 client.- Parameters
connections_prefix (str) -- Specifies the prefix of the secret to read to get Connections. If set to None (null), requests for connections will not be sent to AWS Secrets Manager
variables_prefix (str) -- Specifies the prefix of the secret to read to get Variables. If set to None (null), requests for variables will not be sent to AWS Secrets Manager
config_prefix (str) -- Specifies the prefix of the secret to read to get Configurations. If set to None (null), requests for configurations will not be sent to AWS Secrets Manager
profile_name (str) -- The name of a profile to use. If not given, then the default profile is used.
sep (str) -- separator used to concatenate secret_prefix and secret_id. Default: "/"
-
get_conn_uri
(self, conn_id: str)[source]¶ Get Connection Value
- Parameters
conn_id (str) -- connection id