Airflow: Visible Fernet Key

Airflow uses Fernet to encrypt and secure its communication. Keeping the key plainly visible in your configuration is a security risk, both due to hard coding and exposure or lack of ability to rotate easily.


In airflow.cfg:

fernet_key = "exposed key"


Remove the key from your configuration and use an environment variable that Airflow supports:

export AIRFLOW__CORE__FERNET_KEY=your_fernet_key