Airflow variables can store sensitive data like API keys. Why is it important to encrypt these variables?
Think about what happens if someone gains access to the Airflow database.
Encrypting variables protects sensitive data from being exposed if the metadata database is accessed by unauthorized users. It does not affect performance or sharing.
What is the output when you run airflow config get-value core encrypt_variable after setting encrypt_variable = True in airflow.cfg?
Check the exact value you set in the config file.
Setting encrypt_variable = True enables encryption, so the command returns True.
Arrange the steps to enable variable encryption in Airflow in the correct order.
You need the key before setting it in the config.
First generate the Fernet key, then set it in the config, enable encryption, and finally restart Airflow services.
You changed the Fernet key in airflow.cfg but now Airflow raises errors when accessing encrypted variables. What is the cause?
Think about how encryption keys work with encrypted data.
Encrypted variables can only be decrypted with the same Fernet key used during encryption. Changing the key breaks decryption.
Which option is the best practice for managing Fernet keys to ensure secure and reliable Airflow variable encryption?
Consider security and operational reliability.
Storing keys securely and rotating them with a key management system reduces risk of exposure and supports secure operations.