Airflow Summit 2026 is coming August 31 - September 2 in Austin, TX. Register now to secure your spot!

Akeyless Secrets Backend

Use Akeyless as the secrets backend for Apache Airflow to source Connections, Variables, and Configuration options directly from the Akeyless Vault Platform.

Configuration

Add to airflow.cfg:

[secrets]
backend = airflow.providers.akeyless.secrets.akeyless.AkeylessBackend
backend_kwargs = {
    "connections_path": "/airflow/connections",
    "variables_path": "/airflow/variables",
    "config_path": "/airflow/config",
    "api_url": "https://api.akeyless.io",
    "access_id": "p-xxxxxxxxx",
    "access_key": "your-access-key",
    "access_type": "api_key"
}

Or via environment variable:

export AIRFLOW__SECRETS__BACKEND="airflow.providers.akeyless.secrets.akeyless.AkeylessBackend"
export AIRFLOW__SECRETS__BACKEND_KWARGS='{"connections_path": "/airflow/connections", ...}'

Secret Naming Convention

Secrets are resolved by joining <base_path>/<key>:

Type

Example lookup path

Connection postgres_default

/airflow/connections/postgres_default

Variable my_var

/airflow/variables/my_var

Config smtp_host

/airflow/config/smtp_host

Storing Connections

Connections can be stored in three formats:

URI string:

postgresql://user:password@host:5432/dbname

JSON dict with ``conn_uri``:

{"conn_uri": "postgresql://user:password@host:5432/dbname"}

JSON dict with individual fields:

{
    "conn_type": "postgres",
    "host": "db.example.com",
    "login": "admin",
    "password": "secret",
    "schema": "mydb",
    "port": 5432
}

Parameters

Parameter

Default

Description

connections_path

/airflow/connections

Akeyless folder path for connections. Set to None to disable.

variables_path

/airflow/variables

Akeyless folder path for variables. Set to None to disable.

config_path

/airflow/config

Akeyless folder path for configuration. Set to None to disable.

sep

/

Separator between base path and key name.

api_url

https://api.akeyless.io

Akeyless API endpoint.

access_id

Akeyless Access ID.

access_key

Akeyless Access Key (for api_key auth).

access_type

api_key

Authentication method.

Was this entry helpful?