| :mod:`airflow.contrib.secrets.gcp_secrets_manager` |
| ================================================== |
| |
| .. py:module:: airflow.contrib.secrets.gcp_secrets_manager |
| |
| .. autoapi-nested-parse:: |
| |
| Objects relating to sourcing connections from GCP Secrets Manager |
| |
| |
| |
| Module Contents |
| --------------- |
| |
| .. data:: SECRET_ID_PATTERN |
| :annotation: = ^[a-zA-Z0-9-_]*$ |
| |
| |
| |
| .. py:class:: CloudSecretsManagerBackend(connections_prefix='airflow-connections', variables_prefix='airflow-variables', gcp_key_path=None, gcp_scopes=None, sep='-', **kwargs) |
| |
| Bases: :class:`airflow.secrets.BaseSecretsBackend`, :class:`airflow.utils.log.logging_mixin.LoggingMixin` |
| |
| Retrieves Connection object from GCP Secrets Manager |
| |
| Configurable via ``airflow.cfg`` as follows: |
| |
| .. code-block:: ini |
| |
| [secrets] |
| backend = airflow.contrib.secrets.gcp_secrets_manager.CloudSecretsManagerBackend |
| backend_kwargs = {"connections_prefix": "airflow-connections", "sep": "-"} |
| |
| For example, if the Secrets Manager secret id is ``airflow-connections-smtp_default``, this would be |
| accessiblen if you provide ``{"connections_prefix": "airflow-connections", "sep": "-"}`` and request |
| conn_id ``smtp_default``. |
| |
| If the Secrets Manager secret id is ``airflow-variables-hello``, this would be |
| accessible if you provide ``{"variables_prefix": "airflow-variables", "sep": "-"}`` and request |
| Variable Key ``hello``. |
| |
| The full secret id should follow the pattern "[a-zA-Z0-9-_]". |
| |
| :param connections_prefix: Specifies the prefix of the secret to read to get Connections. |
| :type connections_prefix: str |
| :param variables_prefix: Specifies the prefix of the secret to read to get Variables. |
| :type variables_prefix: str |
| :param gcp_key_path: Path to GCP Credential JSON file; |
| use default credentials in the current environment if not provided. |
| :type gcp_key_path: str |
| :param gcp_scopes: Comma-separated string containing GCP scopes |
| :type gcp_scopes: str |
| :param sep: separator used to concatenate connections_prefix and conn_id. Default: "-" |
| :type sep: str |
| |
| |
| .. method:: _is_valid_prefix_and_sep(self) |
| |
| |
| |
| |
| .. method:: client(self) |
| |
| Create an authenticated KMS client |
| |
| |
| |
| |
| .. method:: get_conn_uri(self, conn_id) |
| |
| Get secret value from Secrets Manager. |
| |
| :param conn_id: connection id |
| :type conn_id: str |
| |
| |
| |
| |
| .. method:: get_variable(self, key) |
| |
| Get Airflow Variable from Environment Variable |
| |
| :param key: Variable Key |
| :return: Variable Value |
| |
| |
| |
| |
| .. method:: _get_secret(self, path_prefix, secret_id) |
| |
| Get secret value from Parameter Store. |
| |
| :param path_prefix: Prefix for the Path to get Secret |
| :type path_prefix: str |
| :param secret_id: Secret Key |
| :type secret_id: str |
| |
| |
| |
| |