<!DOCTYPE html> <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Securing Connections &mdash; Airflow Documentation</title> <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> <link rel="index" title="Index" href="../genindex.html" /> <link rel="search" title="Search" href="../search.html" /> <link rel="next" title="Writing Logs" href="write-logs.html" /> <link rel="prev" title="Managing Connections" href="manage-connections.html" /> <script src="../_static/js/modernizr.min.js"></script> <!-- Matomo --> <script> var _paq = window._paq = window._paq || []; _paq.push(['disableCookies']); _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="https://analytics.apache.org/"; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', '13']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); })(); </script> <!-- End Matomo --> <link rel="canonical" href="https://airflow.apache.org/docs/apache-airflow/stable/howto/secure-connections.html" /> </head> <body class="wy-body-for-nav"> <div class="wy-grid-for-nav"> <nav data-toggle="wy-nav-shift" class="wy-nav-side"> <div class="wy-side-scroll"> <div class="wy-side-nav-search"> <a href="../index.html" class="icon icon-home"> Airflow </a> <div class="version"> 1.10.2 </div> <div role="search"> <form id="rtd-search-form" class="wy-form" action="../search.html" method="get"> <input type="text" name="q" placeholder="Search docs" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> </div> </div> <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> <ul class="current"> <li class="toctree-l1"><a class="reference internal" href="../project.html">Project</a></li> <li class="toctree-l1"><a class="reference internal" href="../license.html">License</a></li> <li class="toctree-l1"><a class="reference internal" href="../start.html">Quick Start</a></li> <li class="toctree-l1"><a class="reference internal" href="../installation.html">Installation</a></li> <li class="toctree-l1"><a class="reference internal" href="../tutorial.html">Tutorial</a></li> <li class="toctree-l1 current"><a class="reference internal" href="index.html">How-to Guides</a><ul class="current"> <li class="toctree-l2"><a class="reference internal" href="set-config.html">Setting Configuration Options</a></li> <li class="toctree-l2"><a class="reference internal" href="initialize-database.html">Initializing a Database Backend</a></li> <li class="toctree-l2"><a class="reference internal" href="operator.html">Using Operators</a></li> <li class="toctree-l2"><a class="reference internal" href="manage-connections.html">Managing Connections</a></li> <li class="toctree-l2 current"><a class="current reference internal" href="#">Securing Connections</a></li> <li class="toctree-l2"><a class="reference internal" href="write-logs.html">Writing Logs</a></li> <li class="toctree-l2"><a class="reference internal" href="executor/use-celery.html">Scaling Out with Celery</a></li> <li class="toctree-l2"><a class="reference internal" href="executor/use-dask.html">Scaling Out with Dask</a></li> <li class="toctree-l2"><a class="reference internal" href="executor/use-mesos.html">Scaling Out with Mesos (community contributed)</a></li> <li class="toctree-l2"><a class="reference internal" href="run-with-systemd.html">Running Airflow with systemd</a></li> <li class="toctree-l2"><a class="reference internal" href="run-with-upstart.html">Running Airflow with upstart</a></li> <li class="toctree-l2"><a class="reference internal" href="use-test-config.html">Using the Test Mode Configuration</a></li> <li class="toctree-l2"><a class="reference internal" href="check-health.html">Checking Airflow Health Status</a></li> </ul> </li> <li class="toctree-l1"><a class="reference internal" href="../ui.html">UI / Screenshots</a></li> <li class="toctree-l1"><a class="reference internal" href="../concepts.html">Concepts</a></li> <li class="toctree-l1"><a class="reference internal" href="../profiling.html">Data Profiling</a></li> <li class="toctree-l1"><a class="reference internal" href="../cli.html">Command Line Interface</a></li> <li class="toctree-l1"><a class="reference internal" href="../scheduler.html">Scheduling &amp; Triggers</a></li> <li class="toctree-l1"><a class="reference internal" href="../plugins.html">Plugins</a></li> <li class="toctree-l1"><a class="reference internal" href="../security.html">Security</a></li> <li class="toctree-l1"><a class="reference internal" href="../timezone.html">Time zones</a></li> <li class="toctree-l1"><a class="reference internal" href="../api.html">Experimental Rest API</a></li> <li class="toctree-l1"><a class="reference internal" href="../integration.html">Integration</a></li> <li class="toctree-l1"><a class="reference internal" href="../metrics.html">Metrics</a></li> <li class="toctree-l1"><a class="reference internal" href="../kubernetes.html">Kubernetes</a></li> <li class="toctree-l1"><a class="reference internal" href="../lineage.html">Lineage</a></li> <li class="toctree-l1"><a class="reference internal" href="../changelog.html">Changelog</a></li> <li class="toctree-l1"><a class="reference internal" href="../faq.html">FAQ</a></li> <li class="toctree-l1"><a class="reference internal" href="../code.html">API Reference</a></li> </ul> </div> </div> </nav> <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> <nav class="wy-nav-top" aria-label="top navigation"> <i data-toggle="wy-nav-top" class="fa fa-bars"></i> <a href="../index.html">Airflow</a> </nav> <div class="wy-nav-content"> <div class="rst-content"> <div role="navigation" aria-label="breadcrumbs navigation"> <ul class="wy-breadcrumbs"> <li><a href="../index.html">Docs</a> &raquo;</li> <li><a href="index.html">How-to Guides</a> &raquo;</li> <li>Securing Connections</li> <li class="wy-breadcrumbs-aside"> <a href="../_sources/howto/secure-connections.rst.txt" rel="nofollow"> View page source</a> </li> </ul> <hr/> </div> <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> <div itemprop="articleBody"> <div class="section" id="securing-connections"> <h1>Securing Connections<a class="headerlink" href="#securing-connections" title="Permalink to this headline">¶</a></h1> <p>By default, Airflow will save the passwords for the connection in plain text within the metadata database. The <code class="docutils literal notranslate"><span class="pre">crypto</span></code> package is highly recommended during installation. The <code class="docutils literal notranslate"><span class="pre">crypto</span></code> package does require that your operating system has <code class="docutils literal notranslate"><span class="pre">libffi-dev</span></code> installed.</p> <p>If <code class="docutils literal notranslate"><span class="pre">crypto</span></code> package was not installed initially, it means that your Fernet key in <code class="docutils literal notranslate"><span class="pre">airflow.cfg</span></code> is empty.</p> <p>You can still enable encryption for passwords within connections by following below steps:</p> <ol class="arabic simple"> <li>Install crypto package <code class="docutils literal notranslate"><span class="pre">pip</span> <span class="pre">install</span> <span class="pre">apache-airflow[crypto]</span></code></li> <li>Generate fernet_key, using this code snippet below. <code class="docutils literal notranslate"><span class="pre">fernet_key</span></code> must be a base64-encoded 32-byte key.</li> </ol> <div class="code python highlight-default notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">cryptography.fernet</span> <span class="k">import</span> <span class="n">Fernet</span> <span class="n">fernet_key</span><span class="o">=</span> <span class="n">Fernet</span><span class="o">.</span><span class="n">generate_key</span><span class="p">()</span> <span class="nb">print</span><span class="p">(</span><span class="n">fernet_key</span><span class="o">.</span><span class="n">decode</span><span class="p">())</span> <span class="c1"># your fernet_key, keep it in secured place!</span> </pre></div> </div> <p>3. Replace <code class="docutils literal notranslate"><span class="pre">airflow.cfg</span></code> fernet_key value with the one from step 2. Alternatively, you can store your fernet_key in OS environment variable. You do not need to change <code class="docutils literal notranslate"><span class="pre">airflow.cfg</span></code> in this case as Airflow will use environment variable over the value in <code class="docutils literal notranslate"><span class="pre">airflow.cfg</span></code>:</p> <div class="highlight-bash notranslate"><div class="highlight"><pre><span></span><span class="c1"># Note the double underscores</span> <span class="nb">export</span> <span class="nv">AIRFLOW__CORE__FERNET_KEY</span><span class="o">=</span>your_fernet_key </pre></div> </div> <ol class="arabic simple" start="4"> <li>Restart Airflow webserver.</li> <li>For existing connections (the ones that you had defined before installing <code class="docutils literal notranslate"><span class="pre">airflow[crypto]</span></code> and creating a Fernet key), you need to open each connection in the connection admin UI, re-type the password, and save it.</li> </ol> </div> </div> </div> <footer> <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> <a href="write-logs.html" class="btn btn-neutral float-right" title="Writing Logs" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right"></span></a> <a href="manage-connections.html" class="btn btn-neutral" title="Managing Connections" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left"></span> Previous</a> </div> <hr/> <div role="contentinfo"> <p> </p> </div> Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/rtfd/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. </footer> </div> </div> </section> </div> <script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script> <script type="text/javascript" src="../_static/jquery.js"></script> <script type="text/javascript" src="../_static/underscore.js"></script> <script type="text/javascript" src="../_static/doctools.js"></script> <script type="text/javascript" src="../_static/language_data.js"></script> <script type="text/javascript" src="../_static/js/theme.js"></script> <script type="text/javascript"> jQuery(function () { SphinxRtdTheme.Navigation.enable(true); }); </script> </body> </html>