Apache Airflow provider package for HashiCorp Vault integration, enabling secret management and authentication within Airflow workflows.
npx @tessl/cli install tessl/pypi-apache-airflow-providers-hashicorp@4.3.00
# Apache Airflow Providers HashiCorp

Apache Airflow provider package for HashiCorp Vault integration, enabling secure secret management and authentication within Airflow workflows. This provider allows Airflow to securely retrieve secrets, connections, and configurations from HashiCorp Vault using various authentication methods.

## Package Information

- **Package Name**: apache-airflow-providers-hashicorp
- **Package Type**: pypi
- **Language**: Python
- **Installation**: `pip install apache-airflow-providers-hashicorp`

## Core Imports

```python
from airflow.providers.hashicorp.hooks.vault import VaultHook
from airflow.providers.hashicorp.secrets.vault import VaultBackend
```

## Basic Usage

```python
from airflow.providers.hashicorp.hooks.vault import VaultHook

# Initialize Vault hook with connection ID
vault_hook = VaultHook(vault_conn_id='vault_default')

# Retrieve a secret from Vault
secret = vault_hook.get_secret('path/to/secret')
print(secret)  # {'key': 'value', 'password': 'secret123'}

# Create or update a secret
new_secret = {'username': 'user', 'password': 'newpass'}
response = vault_hook.create_or_update_secret('path/to/new/secret', new_secret)

# Get secret metadata (KV version 2 only)
metadata = vault_hook.get_secret_metadata('path/to/secret')
print(metadata['versions'])  # Version information
```

## Architecture

The provider package follows Airflow's provider architecture pattern with three main components:

- **VaultHook**: Primary interface for interacting with HashiCorp Vault's Key-Value secret engine
- **VaultBackend**: Secrets backend that automatically retrieves Airflow connections, variables, and configurations from Vault
- **Connection Types**: Defines 'vault' connection type for Airflow UI integration

This architecture enables both programmatic access to Vault secrets within DAGs and automatic secret retrieval for Airflow's core functionality.

## Capabilities

### Vault Hook Operations

Direct interaction with HashiCorp Vault for secret management operations, including reading, writing, and managing secrets with support for both KV version 1 and 2 engines.

```python { .api }
class VaultHook:
    def __init__(self, vault_conn_id: str = None, auth_type: str = "token", **kwargs): ...
    def get_secret(self, secret_path: str, secret_version: int | None = None) -> dict | None: ...
    def create_or_update_secret(self, secret_path: str, secret: dict, method: str | None = None, cas: int | None = None): ...
    def get_secret_metadata(self, secret_path: str) -> dict | None: ...
```

[Vault Hook](./vault-hook.md)
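
The `cas` argument in the `create_or_update_secret` signature above allows check-and-set writes on KV version 2, so a rotation job cannot silently overwrite a version it never read. The following is an added example, not code from the provider or its documentation: `rotate_field`, `FakeKvV2Hook` and `CasMismatch` are hypothetical names, the fake hook is a constructed in-memory stand-in so the block runs offline, and with a real `VaultHook` the conflict is assumed to surface as `hvac.exceptions.InvalidRequest` (pass it as `conflict`).

```python
class CasMismatch(Exception):
    """Stand-in for the error raised when cas != current version."""


class FakeKvV2Hook:
    """Constructed in-memory stand-in with VaultHook's three method signatures."""

    def __init__(self):
        self.store = {}  # path -> list of secret versions, oldest first

    def get_secret(self, secret_path, secret_version=None):
        versions = self.store.get(secret_path)
        if not versions:
            return None
        return dict(versions[(secret_version or len(versions)) - 1])

    def get_secret_metadata(self, secret_path):
        versions = self.store.get(secret_path)
        return {"data": {"current_version": len(versions)}} if versions else None

    def create_or_update_secret(self, secret_path, secret, method=None, cas=None):
        current = len(self.store.get(secret_path, []))
        if cas is not None and cas != current:
            raise CasMismatch(f"cas={cas}, current version={current}")
        self.store.setdefault(secret_path, []).append(dict(secret))
        return {"data": {"version": current + 1}}


def rotate_field(hook, path, field, new_value, conflict=CasMismatch, attempts=3):
    """Set one field of a KV v2 secret; write only if nobody wrote since we read."""
    for _ in range(attempts):
        meta = hook.get_secret_metadata(path)
        # Assumption: the version sits at data.current_version (Vault API shape);
        # fall back to a top-level key. No metadata means the path is new, and
        # cas=0 tells Vault to create it only if it still does not exist.
        version = 0 if meta is None else meta.get("data", meta)["current_version"]
        secret = hook.get_secret(path, secret_version=version or None) or {}
        secret[field] = new_value
        try:
            hook.create_or_update_secret(path, secret, cas=version)
            return version + 1  # the version this write created
        except conflict:
            continue  # a concurrent writer won; re-read and retry
    raise RuntimeError(f"gave up on {path!r} after {attempts} conflicting writes")


if __name__ == "__main__":
    hook = FakeKvV2Hook()
    print(rotate_field(hook, "db/creds", "password", "constructed-value"))
```

The helper returns only the new version number and never logs the secret body, which keeps credential values out of task logs.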

### Secrets Backend Integration

Automatic retrieval of Airflow connections, variables, and configurations from HashiCorp Vault, enabling seamless integration with Airflow's secrets management system.

```python { .api }
class VaultBackend:
    def __init__(self, connections_path: str = "connections", variables_path: str = "variables", **kwargs): ...
    def get_connection(self, conn_id: str): ...
    def get_variable(self, key: str) -> str | None: ...
    def get_config(self, key: str) -> str | None: ...
```

[Secrets Backend](./secrets-backend.md)
78
79
### Authentication Methods
80
81
Support for multiple HashiCorp Vault authentication methods including token, AppRole, Kubernetes, AWS IAM, Azure AD, GCP, LDAP, and more.
82
83
```python { .api }
84
# Supported authentication types
85
SUPPORTED_AUTH_TYPES = [
86
"approle", "github", "gcp", "kubernetes",
87
"ldap", "token", "userpass", "aws_iam",
88
"azure", "radius"
89
]
90
```
91
92
[Authentication](./authentication.md)