16 Securing Airflow

 

This chapter covers

  • Examining and configuring RBAC for controlling access
  • Granting access to a central set of users by connecting with an LDAP service
  • Configuring a Fernet key to encrypt secrets in the database
  • Securing traffic between your browser and the webserver
  • Fetching secrets from a central secret management system

Airflow is a spider in the web: it orchestrates a series of tasks and must therefore connect with many systems, which makes it a desirable target for gaining access. In this chapter we discuss how to secure Airflow to prevent unwanted access. We cover various security-related use cases and elaborate on them with practical examples. Security is often seen as a topic of black magic, where an understanding of a plethora of technologies, abbreviations, and intricate details is deemed necessary. While this is not untrue, we wrote this chapter with readers who have little security knowledge in mind, and hence highlight various key strategies for avoiding unwanted actions on your Airflow installation, which should serve as a starting point.

16.1 Role Based Access in the Airflow UI

Start Airflow and go to http://localhost:8080, where you will see a login screen (figure 16.1).

Figure 16.1 Home screen of the RBAC interface. Password authentication is enabled by default. The existence of a default user depends on the way Airflow is deployed.

16.1.1 Adding users

16.1.2 Configuring the RBAC interface

16.2 Encrypting data at rest

16.2.1 Creating a Fernet key

16.3 Connecting with an LDAP service

16.3.1 Understanding LDAP

16.3.2 Fetching users from an LDAP service

16.4 Encrypting traffic to the webserver

16.4.1 Understanding HTTPS

16.4.2 Configuring a certificate for HTTPS

16.5 Fetching credentials from secret management systems

16.6 Summary