Airflow: Visible Fernet Key

Suggest Edits

Airflow uses Fernet to encrypt and secure its communication. Keeping the key plainly visible in your configuration is a security risk, both due to hard coding and exposure or lack of ability to rotate easily.

Problem

In airflow.cfg:

fernet_key = "exposed key"

Fix

Remove the key from your configuration and use an environment variable that Airflow supports:

export AIRFLOW__CORE__FERNET_KEY=your_fernet_key

See

Airflow: securing connections
Fernet symmetric encryption

Updated about 1 year ago