An Airflow custom secrets backend for CyberArk CCP
Project description
airflow-cyberark-secrets-backend
This is a secrets backend for CyberArk CCP (central credential provider) for the Apache Airflow platform. It will allow one to pull connections and variables from their CyberArk safes via the CCP.
This library has been tested with Airflow 1.10.14.
Documentation for CyberArk CCP can be found here .
Documentation for Airflow secrets backends can be found here
Usage
pip install airflow-cyberark-secrets-backend
Update your airflow.cfg
with the following
[secrets]
backend = airflow_cyberark_secrets_backend.CyberArkSecretsBackend
backend_kwargs = {"app_id": "/files/var.json", "ccp_url": "/files/conn.json", "safe": "", "verify": "/path/to/ssl/cert.pem" }
The backend_kwargs:
- app_id : The application ID for CCP
- ccp_url : The host URL for CCP AIM, excluding query params
- safe : The secrets safe
- verify : The SSL cert path to for CCP SSL, can be False for disable, can be env var
CYBERARK_SSL
, defaultFalse
This library expects and requires your CyberArk response to have the the following properties (will be mapped mapped to Airflow keys). This map is a band-aid required from the little configuration CyberArk PAM (11.xx) allows.
- AccountDescription : svc_account
- ApplicationName : schema
- Address : host
- Comment : extra
- Content : password
- LogonDomain : login
- Port : port
AccountDescription : svc_account field is used to fetch password from rotating secret where the fetched secret is statis, i.e. if you fetch
secret1
which is static, if you specify the CCP URL forsecret2
which rotates it will fetch metadata forsecret1
and fill in password fromsecret2
in its response
Development
PRs welcomed.
The following will install in editable mode with all required development tools.
pip install -e '.[dev]'
Please format (black
) and lint (pylint
) before submitting PR.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file airflow-cyberark-secrets-backend-0.1.0.tar.gz
.
File metadata
- Download URL: airflow-cyberark-secrets-backend-0.1.0.tar.gz
- Upload date:
- Size: 3.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/54.0.0 requests-toolbelt/0.9.1 tqdm/4.51.0 CPython/3.7.3
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4629a46a36baa136654b4c307251b0c99bf3209fc74e17a3828c7b3b886d5dda |
|
MD5 | 3b60916833b07b2dfbc2667cd437d48f |
|
BLAKE2b-256 | 9b4aec482df99200a8c8f5eaff5d89d94f8d857767e5cabc8eb3912c301b42c8 |
File details
Details for the file airflow_cyberark_secrets_backend-0.1.0-py3-none-any.whl
.
File metadata
- Download URL: airflow_cyberark_secrets_backend-0.1.0-py3-none-any.whl
- Upload date:
- Size: 5.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/54.0.0 requests-toolbelt/0.9.1 tqdm/4.51.0 CPython/3.7.3
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3f793eac7a7b7313426bef6aabf7d1a9632aa08b39ec446005fb788d318c977e |
|
MD5 | 1f00150fee3c08b5b2c4bfaf1be4bbf2 |
|
BLAKE2b-256 | be4aabeddca445338fdf0739a5a0cb8a27d40a197002bfabf3ff1db0c912ac05 |