16 Securing Airflow
This chapter covers
- Examining and configuring RBAC for controlling access
- Granting access to a central set of users by connecting with an LDAP service
- Configuring a Fernet key to encrypt secrets in the database
- Securing traffic between your browser and the webserver
- Fetching secrets from a central secret management system
As an orchestrator with access to many other systems, Airflow is often a desirable target for hackers. To keep unwanted intruders at bay, Airflow offers several layers of security to help you prevent unauthorized access.
In this chapter, we dive deeper into Airflow’s security layers and show some practical examples of how to use them. Combined this should give you a good starting point for implementing strategies to secure your own Airflow installation.
We assume you have some knowledge of basic security principles; however, the chapter was written with readers with little pre-existing knowledge in mind and should therefore be suitable for most readers.
16.1 Role Based Access in the Airflow UI
Start Airflow and go to http://localhost:8080, where you will see a login screen (figure 16.1).
Figure 16.1 Home screen of the RBAC interface. Password authentication is enabled by default. The existence of a default user depends on the way Airflow is deployed.
