Why is connection encryption important in Apache Airflow?
Think about what sensitive information Airflow stores and why encryption matters.
Airflow stores connection credentials like passwords and tokens in its metadata database. Encrypting these credentials prevents unauthorized users from reading them if they access the database.
Which configuration setting enables connection encryption in Airflow?
Look for a key related to encryption in the main Airflow config file.
Airflow uses a fernet_key in airflow.cfg to encrypt and decrypt connection passwords. This key must be set under the [core] section.
What is the output of the command airflow connections list when connection encryption is enabled and passwords are set?
airflow connections listThink about how Airflow stores and displays encrypted passwords.
When encryption is enabled, Airflow stores passwords encrypted but decrypts them when displaying. However, the CLI shows the encrypted string to avoid exposing plain text.
You enabled connection encryption by setting a new fernet_key but now Airflow fails to decrypt existing connection passwords. What is the cause?
Think about how encryption keys work for decrypting data.
If you change the fernet_key, Airflow cannot decrypt passwords encrypted with the old key. The key must remain consistent to decrypt existing data.
What is the best practice for managing the fernet_key used for connection encryption in Airflow?
Consider security and data availability when handling encryption keys.
The fernet_key must be stored securely and rotated carefully. Losing the key means losing access to encrypted connection passwords. Generating a new key every start or hardcoding it in DAGs is insecure or impractical.