Skip to main content

An Airflow custom secrets backend for CyberArk CCP

Project description

airflow-cyberark-secrets-backend

This is a secrets backend for CyberArk CCP (central credential provider) for the Apache Airflow platform. It will allow one to pull connections and variables from their CyberArk safes via the CCP.

This library has been tested with Airflow 1.10.14.

Documentation for CyberArk CCP can be found here .

Documentation for Airflow secrets backends can be found here

Usage

pip install airflow-cyberark-secrets-backend

Update your airflow.cfg with the following

[secrets]
backend = airflow_cyberark_secrets_backend.CyberArkSecretsBackend

backend_kwargs = {"app_id": "/files/var.json", "ccp_url": "/files/conn.json", "safe": "", "verify": "/path/to/ssl/cert.pem" }

The backend_kwargs:

  • app_id : The application ID for CCP
  • ccp_url : The host URL for CCP AIM, excluding query params
  • safe : The secrets safe
  • verify : The SSL cert path to for CCP SSL, can be False for disable, can be env var CYBERARK_SSL, default False

This library expects and requires your CyberArk response to have the the following properties (will be mapped mapped to Airflow keys). This map is a band-aid required from the little configuration CyberArk PAM (11.xx) allows.

  • AccountDescription : svc_account
  • ApplicationName : schema
  • Address : host
  • Comment : extra
  • Content : password
  • LogonDomain : login
  • Port : port

AccountDescription : svc_account field is used to fetch password from rotating secret where the fetched secret is statis, i.e. if you fetch secret1 which is static, if you specify the CCP URL for secret2 which rotates it will fetch metadata for secret1 and fill in password from secret2 in its response

Development

PRs welcomed.

The following will install in editable mode with all required development tools.

pip install -e '.[dev]'

Please format (black) and lint (pylint) before submitting PR.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Built Distribution

File details

Details for the file airflow-cyberark-secrets-backend-0.1.0.tar.gz.

File metadata

  • Download URL: airflow-cyberark-secrets-backend-0.1.0.tar.gz
  • Upload date:
  • Size: 3.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/54.0.0 requests-toolbelt/0.9.1 tqdm/4.51.0 CPython/3.7.3

File hashes

Hashes for airflow-cyberark-secrets-backend-0.1.0.tar.gz
Algorithm Hash digest
SHA256 4629a46a36baa136654b4c307251b0c99bf3209fc74e17a3828c7b3b886d5dda
MD5 3b60916833b07b2dfbc2667cd437d48f
BLAKE2b-256 9b4aec482df99200a8c8f5eaff5d89d94f8d857767e5cabc8eb3912c301b42c8

See more details on using hashes here.

File details

Details for the file airflow_cyberark_secrets_backend-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: airflow_cyberark_secrets_backend-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 5.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/54.0.0 requests-toolbelt/0.9.1 tqdm/4.51.0 CPython/3.7.3

File hashes

Hashes for airflow_cyberark_secrets_backend-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 3f793eac7a7b7313426bef6aabf7d1a9632aa08b39ec446005fb788d318c977e
MD5 1f00150fee3c08b5b2c4bfaf1be4bbf2
BLAKE2b-256 be4aabeddca445338fdf0739a5a0cb8a27d40a197002bfabf3ff1db0c912ac05

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page