| :py:mod:`airflow.providers.amazon.aws.secrets.secrets_manager` |
| ============================================================== |
| |
| .. py:module:: airflow.providers.amazon.aws.secrets.secrets_manager |
| |
| .. autoapi-nested-parse:: |
| |
| Objects relating to sourcing secrets from AWS Secrets Manager. |
| |
| |
| |
| Module Contents |
| --------------- |
| |
| Classes |
| ~~~~~~~ |
| |
| .. autoapisummary:: |
| |
| airflow.providers.amazon.aws.secrets.secrets_manager.SecretsManagerBackend |
| |
| |
| |
| |
| .. py:class:: SecretsManagerBackend(connections_prefix = 'airflow/connections', connections_lookup_pattern = None, variables_prefix = 'airflow/variables', variables_lookup_pattern = None, config_prefix = 'airflow/config', config_lookup_pattern = None, sep = '/', extra_conn_words = None, **kwargs) |
| |
| |
| Bases: :py:obj:`airflow.secrets.BaseSecretsBackend`, :py:obj:`airflow.utils.log.logging_mixin.LoggingMixin` |
| |
| Retrieves Connection or Variables from AWS Secrets Manager. |
| |
| Configurable via ``airflow.cfg`` like so: |
| |
| .. code-block:: ini |
| |
| [secrets] |
| backend = airflow.providers.amazon.aws.secrets.secrets_manager.SecretsManagerBackend |
| backend_kwargs = {"connections_prefix": "airflow/connections"} |
| |
| For example, when ``{"connections_prefix": "airflow/connections"}`` is set, if a secret is defined with |
| the path ``airflow/connections/smtp_default``, the connection with conn_id ``smtp_default`` would be |
| accessible. |
| |
| When ``{"variables_prefix": "airflow/variables"}`` is set, if a secret is defined with |
| the path ``airflow/variables/hello``, the variable with the name ``hello`` would be accessible. |
| |
| When ``{"config_prefix": "airflow/config"}`` set, if a secret is defined with |
| the path ``airflow/config/sql_alchemy_conn``, the config with they ``sql_alchemy_conn`` would be |
| accessible. |
| |
| You can also pass additional keyword arguments listed in AWS Connection Extra config |
| to this class, and they would be used for establishing a connection and passed on to Boto3 client. |
| |
| .. code-block:: ini |
| |
| [secrets] |
| backend = airflow.providers.amazon.aws.secrets.secrets_manager.SecretsManagerBackend |
| backend_kwargs = {"connections_prefix": "airflow/connections", "region_name": "eu-west-1"} |
| |
| .. seealso:: |
| :ref:`howto/connection:aws:configuring-the-connection` |
| |
| There are two ways of storing secrets in Secret Manager for using them with this operator: |
| storing them as a conn URI in one field, or taking advantage of native approach of Secrets Manager |
| and storing them in multiple fields. There are certain words that will be searched in the name |
| of fields for trying to retrieve a connection part. Those words are: |
| |
| .. code-block:: python |
| |
| possible_words_for_conn_fields = { |
| "login": ["login", "user", "username", "user_name"], |
| "password": ["password", "pass", "key"], |
| "host": ["host", "remote_host", "server"], |
| "port": ["port"], |
| "schema": ["database", "schema"], |
| "conn_type": ["conn_type", "conn_id", "connection_type", "engine"], |
| } |
| |
| However, these lists can be extended using the configuration parameter ``extra_conn_words``. Also, |
| you can have a field named extra for extra parameters for the conn. Please note that this extra field |
| must be a valid JSON. |
| |
| :param connections_prefix: Specifies the prefix of the secret to read to get Connections. |
| If set to None (null value in the configuration), requests for connections will not be |
| sent to AWS Secrets Manager. If you don't want a connections_prefix, set it as an empty string |
| :param connections_lookup_pattern: Specifies a pattern the connection ID needs to match to be looked up in |
| AWS Secrets Manager. Applies only if `connections_prefix` is not None. |
| If set to None (null value in the configuration), all connections will be looked up first in |
| AWS Secrets Manager. |
| :param variables_prefix: Specifies the prefix of the secret to read to get Variables. |
| If set to None (null value in the configuration), requests for variables will not be sent to |
| AWS Secrets Manager. If you don't want a variables_prefix, set it as an empty string |
| :param variables_lookup_pattern: Specifies a pattern the variable key needs to match to be looked up in |
| AWS Secrets Manager. Applies only if `variables_prefix` is not None. |
| If set to None (null value in the configuration), all variables will be looked up first in |
| AWS Secrets Manager. |
| :param config_prefix: Specifies the prefix of the secret to read to get Configurations. |
| If set to None (null value in the configuration), requests for configurations will not be sent to |
| AWS Secrets Manager. If you don't want a config_prefix, set it as an empty string |
| :param config_lookup_pattern: Specifies a pattern the config key needs to match to be looked up in |
| AWS Secrets Manager. Applies only if `config_prefix` is not None. |
| If set to None (null value in the configuration), all config keys will be looked up first in |
| AWS Secrets Manager. |
| :param sep: separator used to concatenate secret_prefix and secret_id. Default: "/" |
| :param extra_conn_words: for using just when you set full_url_mode as false and store |
| the secrets in different fields of secrets manager. You can add more words for each connection |
| part beyond the default ones. The extra words to be searched should be passed as a dict of lists, |
| each list corresponding to a connection part. The optional keys of the dict must be: user, |
| password, host, schema, conn_type. |
| |
| .. py:method:: client() |
| |
| Create a Secrets Manager client. |
| |
| |
| .. py:method:: get_conn_value(conn_id) |
| |
| Get serialized representation of Connection. |
| |
| :param conn_id: connection id |
| |
| |
| .. py:method:: get_variable(key) |
| |
| Get Airflow Variable. |
| |
| :param key: Variable Key |
| :return: Variable Value |
| |
| |
| .. py:method:: get_config(key) |
| |
| Get Airflow Configuration. |
| |
| :param key: Configuration Option Key |
| :return: Configuration Option Value |
| |
| |
| |