
A way to set an environment variable as a sensible config #28898

@portoedu

Description

A way to set an environment variable as a sensitive config so that Airflow hides it in the configuration page.

Use case/motivation

For security measures, we set the AIRFLOW__WEBSERVER__EXPOSE_CONFIG to non-sensitive-only so that Airflow hides a lot of information in the Configuration web page.


There is a lot of non-sensitive information that is also being hidden, why?
A few examples:
[four screenshots]

We use an authentication provider for the login and there are some parameters that we need to set for this to work; a few examples of these parameters are "client_id" and "client_secret". Since we set these using env vars, the straightforward and simple way is to set the section as auth (or something similar) and the name to the required parameter.
An example is AIRFLOW__GENERIC_OAUTH__CLIENT_ID, which we use to set the client_id parameter of auth.

But here's the problem: Airflow hides all of these auth env var parameters except "AIRFLOW__GENERIC_OAUTH__CLIENT_SECRET". After a lot of research we couldn't find a way to mark this information as sensitive in the Airflow configuration; we could only set AIRFLOW__CORE__SENSITIVE_VAR_CONN_NAMES, which doesn't work for the configuration page.


Then, we found this documentation which says that if we append _secret to an env var, Airflow will consider it a connection string to be used at runtime.

We are using Airflow version 2.4.2.

Workaround: Don't use environment variables that end with _secret (or _cmd); instead use _sekret or _token.


Related issues

No response

Are you willing to submit a PR?

  • Yes I am willing to submit a PR!
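
A name-only pre-deployment check built on the workaround described in the issue, as an added example that is not part of the original issue or of Airflow's own code: it flags AIRFLOW__SECTION__KEY names that end in _SECRET or _CMD. The function name, the `intended` allowlist and the sample names are assumptions made for illustration.

```python
"""Pre-deployment check for Airflow env var names (added example)."""

# Suffixes named in the issue's workaround as ones to avoid.
RESERVED_SUFFIXES = ("_SECRET", "_CMD")


def find_reserved_suffix_names(names, intended=()):
    """Return (name, section, key, suffix) for each AIRFLOW__SECTION__KEY
    name that ends in a reserved suffix and is not listed in `intended`.

    Only names are inspected, never values, so the report is safe to log.
    `intended` is a caller-supplied allowlist (an assumption of this example)
    for variables that use the suffix on purpose.
    """
    allowed = {n.upper() for n in intended}
    findings = []
    for name in sorted(names):
        parts = name.upper().split("__", 2)
        # Skip anything that is not AIRFLOW__<SECTION>__<KEY>, e.g. AIRFLOW_HOME.
        if len(parts) != 3 or parts[0] != "AIRFLOW" or not parts[1] or not parts[2]:
            continue
        if name.upper() in allowed:
            continue
        section, key = parts[1], parts[2]
        for suffix in RESERVED_SUFFIXES:
            # Require a non-empty option name in front of the suffix.
            if key.endswith(suffix) and len(key) > len(suffix):
                findings.append((name, section.lower(), key.lower(), suffix.lower()))
                break
    return findings


# Constructed sample: names only, as they might appear in a deployment manifest.
SAMPLE_NAMES = [
    "AIRFLOW_HOME",
    "AIRFLOW__WEBSERVER__EXPOSE_CONFIG",
    "AIRFLOW__GENERIC_OAUTH__CLIENT_ID",
    "AIRFLOW__GENERIC_OAUTH__CLIENT_SECRET",
    "AIRFLOW__GENERIC_OAUTH__CLIENT_SEKRET",
    "AIRFLOW__DATABASE__SQL_ALCHEMY_CONN_CMD",
    "PATH",
]

if __name__ == "__main__":
    intended = ["AIRFLOW__DATABASE__SQL_ALCHEMY_CONN_CMD"]
    for name, section, key, suffix in find_reserved_suffix_names(SAMPLE_NAMES, intended):
        print(f"{name}: [{section}] {key} ends with {suffix}; rename it")
```

Run it in CI against the variable names in a deployment manifest, and list in `intended` the names that carry the suffix deliberately.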
