airflow.providers.google.cloud.secrets.secret_manager¶
Objects relating to sourcing connections from Google Cloud Secrets Manager.
Module Contents¶
Classes¶
Retrieves Connection object from Google Cloud Secrets Manager. |
Attributes¶
- airflow.providers.google.cloud.secrets.secret_manager.SECRET_ID_PATTERN = '^[a-zA-Z0-9-_]*$'[source]¶
- class airflow.providers.google.cloud.secrets.secret_manager.CloudSecretManagerBackend(connections_prefix='airflow-connections', variables_prefix='airflow-variables', config_prefix='airflow-config', gcp_keyfile_dict=None, gcp_key_path=None, gcp_credential_config_file=None, gcp_scopes=None, project_id=None, sep='-', **kwargs)[source]¶
Bases:
airflow.secrets.BaseSecretsBackend,airflow.utils.log.logging_mixin.LoggingMixinRetrieves Connection object from Google Cloud Secrets Manager.
Configurable via
airflow.cfgas follows:[secrets] backend = airflow.providers.google.cloud.secrets.secret_manager.CloudSecretManagerBackend backend_kwargs = {"connections_prefix": "airflow-connections", "sep": "-"}
For example, if the Secrets Manager secret id is
airflow-connections-smtp_default, this would be accessible if you provide{"connections_prefix": "airflow-connections", "sep": "-"}and request conn_idsmtp_default.If the Secrets Manager secret id is
airflow-variables-hello, this would be accessible if you provide{"variables_prefix": "airflow-variables", "sep": "-"}and request Variable Keyhello.The full secret id should follow the pattern “[a-zA-Z0-9-_]”.
- Parameters
connections_prefix (str) – Specifies the prefix of the secret to read to get Connections. If set to None (null), requests for connections will not be sent to GCP Secrets Manager
variables_prefix (str) – Specifies the prefix of the secret to read to get Variables. If set to None (null), requests for variables will not be sent to GCP Secrets Manager
config_prefix (str) – Specifies the prefix of the secret to read to get Airflow Configurations containing secrets. If set to None (null), requests for configurations will not be sent to GCP Secrets Manager
gcp_key_path (str | None) – Path to Google Cloud Service Account key file (JSON). Mutually exclusive with gcp_keyfile_dict. use default credentials in the current environment if not provided.
gcp_keyfile_dict (dict | None) – Dictionary of keyfile parameters. Mutually exclusive with gcp_key_path.
gcp_credential_config_file (dict[str, str] | str | None) – File path to or content of a GCP credential configuration file.
gcp_scopes (str | None) – Comma-separated string containing OAuth2 scopes
project_id (str | None) – Project ID to read the secrets from. If not passed, the project ID from credentials will be used.
sep (str) – Separator used to concatenate connections_prefix and conn_id. Default: “-“
- property client: airflow.providers.google.cloud._internal_client.secret_manager_client._SecretManagerClient[source]¶
Property returning secret client.
- Returns
Secrets client
- Return type
airflow.providers.google.cloud._internal_client.secret_manager_client._SecretManagerClient
- get_conn_value(conn_id)[source]¶
Get serialized representation of Connection.
- Parameters
conn_id (str) – connection id
- get_conn_uri(conn_id)[source]¶
Return URI representation of Connection conn_id.
As of Airflow version 2.3.0 this method is deprecated.