airflow.contrib.secrets.gcp_secrets_manager

Objects relating to sourcing connections from GCP Secrets Manager

Module Contents

airflow.contrib.secrets.gcp_secrets_manager.SECRET_ID_PATTERN = ^[a-zA-Z0-9-_]*$[source]
class airflow.contrib.secrets.gcp_secrets_manager.CloudSecretsManagerBackend(connections_prefix='airflow-connections', variables_prefix='airflow-variables', gcp_key_path=None, gcp_scopes=None, sep='-', **kwargs)[source]

Bases: airflow.secrets.BaseSecretsBackend, airflow.utils.log.logging_mixin.LoggingMixin

Retrieves Connection object from GCP Secrets Manager

Configurable via airflow.cfg as follows:

[secrets]
backend = airflow.contrib.secrets.gcp_secrets_manager.CloudSecretsManagerBackend
backend_kwargs = {"connections_prefix": "airflow-connections", "sep": "-"}

For example, if the Secrets Manager secret id is airflow-connections-smtp_default, this would be accessiblen if you provide {"connections_prefix": "airflow-connections", "sep": "-"} and request conn_id smtp_default.

If the Secrets Manager secret id is airflow-variables-hello, this would be accessible if you provide {"variables_prefix": "airflow-variables", "sep": "-"} and request Variable Key hello.

The full secret id should follow the pattern “[a-zA-Z0-9-_]”.

Parameters
  • connections_prefix (str) – Specifies the prefix of the secret to read to get Connections.

  • variables_prefix (str) – Specifies the prefix of the secret to read to get Variables.

  • gcp_key_path (str) – Path to GCP Credential JSON file; use default credentials in the current environment if not provided.

  • gcp_scopes (str) – Comma-separated string containing GCP scopes

  • sep (str) – separator used to concatenate connections_prefix and conn_id. Default: “-“

_is_valid_prefix_and_sep(self)[source]
client(self)[source]

Create an authenticated KMS client

get_conn_uri(self, conn_id)[source]

Get secret value from Secrets Manager.

Parameters

conn_id (str) – connection id

get_variable(self, key)[source]

Get Airflow Variable from Environment Variable

Parameters

key – Variable Key

Returns

Variable Value

_get_secret(self, path_prefix, secret_id)[source]

Get secret value from Parameter Store.

Parameters
  • path_prefix (str) – Prefix for the Path to get Secret

  • secret_id (str) – Secret Key

Was this entry helpful?