tessl/pypi-apache-airflow-providers-hashicorp
Apache Airflow provider package for HashiCorp Vault integration, enabling secret management and authentication within Airflow workflows.
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-apache-airflow-providers-hashicorp@4.3.0index.mddocs/
Apache Airflow Providers HashiCorp
Apache Airflow provider package for HashiCorp Vault integration, enabling secure secret management and authentication within Airflow workflows. This provider allows Airflow to securely retrieve secrets, connections, and configurations from HashiCorp Vault using various authentication methods.
Package Information
- Package Name: apache-airflow-providers-hashicorp
- Package Type: pypi
- Language: Python
- Installation:
pip install apache-airflow-providers-hashicorp
Core Imports
from airflow.providers.hashicorp.hooks.vault import VaultHook
from airflow.providers.hashicorp.secrets.vault import VaultBackendBasic Usage
from airflow.providers.hashicorp.hooks.vault import VaultHook
# Initialize Vault hook with connection ID
vault_hook = VaultHook(vault_conn_id='vault_default')
# Retrieve a secret from Vault
secret = vault_hook.get_secret('path/to/secret')
print(secret) # {'key': 'value', 'password': 'secret123'}
# Create or update a secret
new_secret = {'username': 'user', 'password': 'newpass'}
response = vault_hook.create_or_update_secret('path/to/new/secret', new_secret)
# Get secret metadata (KV version 2 only)
metadata = vault_hook.get_secret_metadata('path/to/secret')
print(metadata['versions']) # Version informationArchitecture
The provider package follows Airflow's provider architecture pattern with three main components:
- VaultHook: Primary interface for interacting with HashiCorp Vault's Key-Value secret engine
- VaultBackend: Secrets backend that automatically retrieves Airflow connections, variables, and configurations from Vault
- Connection Types: Defines 'vault' connection type for Airflow UI integration
This architecture enables both programmatic access to Vault secrets within DAGs and automatic secret retrieval for Airflow's core functionality.
Capabilities
Vault Hook Operations
Direct interaction with HashiCorp Vault for secret management operations, including reading, writing, and managing secrets with support for both KV version 1 and 2 engines.
class VaultHook:
def __init__(self, vault_conn_id: str = None, auth_type: str = "token", **kwargs): ...
def get_secret(self, secret_path: str, secret_version: int | None = None) -> dict | None: ...
def create_or_update_secret(self, secret_path: str, secret: dict, method: str | None = None, cas: int | None = None): ...
def get_secret_metadata(self, secret_path: str) -> dict | None: ...Secrets Backend Integration
Automatic retrieval of Airflow connections, variables, and configurations from HashiCorp Vault, enabling seamless integration with Airflow's secrets management system.
class VaultBackend:
def __init__(self, connections_path: str = "connections", variables_path: str = "variables", **kwargs): ...
def get_connection(self, conn_id: str): ...
def get_variable(self, key: str) -> str | None: ...
def get_config(self, key: str) -> str | None: ...Authentication Methods
Support for multiple HashiCorp Vault authentication methods including token, AppRole, Kubernetes, AWS IAM, Azure AD, GCP, LDAP, and more.
# Supported authentication types
SUPPORTED_AUTH_TYPES = [
"approle", "github", "gcp", "kubernetes",
"ldap", "token", "userpass", "aws_iam",
"azure", "radius"
]