airflow.contrib.secrets.azure_key_vault

Module Contents

class airflow.contrib.secrets.azure_key_vault.AzureKeyVaultBackend(connections_prefix='airflow-connections', variables_prefix='airflow-variables', config_prefix='airflow-config', vault_url='', sep='-', **kwargs)[source]

Bases: airflow.secrets.BaseSecretsBackend, airflow.utils.log.logging_mixin.LoggingMixin

Retrieves Airflow Connections or Variables from Azure Key Vault secrets.

The Azure Key Vault can be configured as a secrets backend in the airflow.cfg:

[secrets]
backend = airflow.providers.microsoft.azure.secrets.azure_key_vault.AzureKeyVaultBackend
backend_kwargs = {"connections_prefix": "airflow-connections", "vault_url": "<azure_key_vault_uri>"}

For example, if the secrets prefix is airflow-connections-smtp-default, this would be accessible if you provide {"connections_prefix": "airflow-connections"} and request conn_id smtp-default. And if variables prefix is airflow-variables-hello, this would be accessible if you provide {"variables_prefix": "airflow-variables"} and request variable key hello.

Parameters

  • connections_prefix (str) – Specifies the prefix of the secret to read to get Connections

  • variables_prefix (str) – Specifies the prefix of the secret to read to get Variables

  • config_prefix (str) – Specifies the prefix of the secret to read to get Variables.

  • vault_url (str) – The URL of an Azure Key Vault to use

  • sep (str) – separator used to concatenate secret_prefix and secret_id. Default: “-“

client(self)[source]

Create a Azure Key Vault client.

get_conn_uri(self, conn_id)[source]

Get an Airflow Connection URI from an Azure Key Vault secret

Parameters

conn_id (str) – The Airflow connection id to retrieve

get_variable(self, key)[source]

Get an Airflow Variable from an Azure Key Vault secret.

Parameters

key (str) – Variable Key

Returns

Variable Value

get_config(self, key)[source]

Get Airflow Configuration

Parameters

key – Configuration Option Key

Returns

Configuration Option Value

static build_path(path_prefix, secret_id, sep='-')[source]

Given a path_prefix and secret_id, build a valid secret name for the Azure Key Vault Backend. Also replaces underscore in the path with dashes to support easy switching between environment variables, so connection_default becomes connection-default.

Parameters

  • path_prefix (str) – The path prefix of the secret to retrieve

  • secret_id (str) – Name of the secret

  • sep (str) – Separator used to concatenate path_prefix and secret_id

_get_secret(self, path_prefix, secret_id)[source]

Get an Azure Key Vault secret value

Parameters

  • path_prefix (str) – Prefix for the Path to get Secret

  • secret_id (str) – Secret Key

Was this entry helpful?