Akeyless Secrets Backend¶
Use Akeyless as the secrets backend for Apache Airflow to source Connections, Variables, and Configuration options directly from the Akeyless Vault Platform.
Configuration¶
Add to airflow.cfg:
[secrets]
backend = airflow.providers.akeyless.secrets.akeyless.AkeylessBackend
backend_kwargs = {
"connections_path": "/airflow/connections",
"variables_path": "/airflow/variables",
"config_path": "/airflow/config",
"api_url": "https://api.akeyless.io",
"access_id": "p-xxxxxxxxx",
"access_key": "your-access-key",
"access_type": "api_key"
}
Or via environment variable:
export AIRFLOW__SECRETS__BACKEND="airflow.providers.akeyless.secrets.akeyless.AkeylessBackend"
export AIRFLOW__SECRETS__BACKEND_KWARGS='{"connections_path": "/airflow/connections", ...}'
Secret Naming Convention¶
Secrets are resolved by joining <base_path>/<key>:
Type |
Example lookup path |
|---|---|
Connection |
|
Variable |
|
Config |
|
Storing Connections¶
Connections can be stored in three formats:
URI string:
postgresql://user:password@host:5432/dbname
JSON dict with ``conn_uri``:
{"conn_uri": "postgresql://user:password@host:5432/dbname"}
JSON dict with individual fields:
{
"conn_type": "postgres",
"host": "db.example.com",
"login": "admin",
"password": "secret",
"schema": "mydb",
"port": 5432
}
Parameters¶
Parameter |
Default |
Description |
|---|---|---|
|
|
Akeyless folder path for connections. Set to None to disable. |
|
|
Akeyless folder path for variables. Set to None to disable. |
|
|
Akeyless folder path for configuration. Set to None to disable. |
|
|
Separator between base path and key name. |
|
|
Akeyless API endpoint. |
|
Akeyless Access ID. |
|
|
Akeyless Access Key (for |
|
|
|
Authentication method. |