airflow.contrib.secrets.gcp_secrets_manager¶
Objects relating to sourcing connections from GCP Secrets Manager
Module Contents¶
-
class
airflow.contrib.secrets.gcp_secrets_manager.CloudSecretsManagerBackend(connections_prefix='airflow-connections', variables_prefix='airflow-variables', gcp_key_path=None, gcp_scopes=None, sep='-', **kwargs)[source]¶ Bases:
airflow.secrets.BaseSecretsBackend,airflow.utils.log.logging_mixin.LoggingMixinRetrieves Connection object from GCP Secrets Manager
Configurable via
airflow.cfgas follows:[secrets] backend = airflow.contrib.secrets.gcp_secrets_manager.CloudSecretsManagerBackend backend_kwargs = {"connections_prefix": "airflow-connections", "sep": "-"}
For example, if the Secrets Manager secret id is
airflow-connections-smtp_default, this would be accessiblen if you provide{"connections_prefix": "airflow-connections", "sep": "-"}and request conn_idsmtp_default.If the Secrets Manager secret id is
airflow-variables-hello, this would be accessible if you provide{"variables_prefix": "airflow-variables", "sep": "-"}and request Variable Keyhello.The full secret id should follow the pattern “[a-zA-Z0-9-_]”.
- Parameters
connections_prefix (str) – Specifies the prefix of the secret to read to get Connections.
variables_prefix (str) – Specifies the prefix of the secret to read to get Variables.
gcp_key_path (str) – Path to GCP Credential JSON file; use default credentials in the current environment if not provided.
gcp_scopes (str) – Comma-separated string containing GCP scopes
sep (str) – separator used to concatenate connections_prefix and conn_id. Default: “-“
-
get_conn_uri(self, conn_id)[source]¶ Get secret value from Secrets Manager.
- Parameters
conn_id (str) – connection id