Configure an external secrets backend on Astro Private Cloud
Configure a secrets backend on Astro Private Cloud to centrally and securely manage Airflow variables and connections using your preferred secrets management tool.
Astro Private Cloud supports integration with the following external secrets backends:
Use your own Hashicorp Vault instance for storing Airflow variables and connections.
Manage secrets and credentials with AWS Secrets Manager.
Use AWS Systems Manager Parameter Store for secret storage integration.
Integrate Google Cloud Secret Manager with your Astro Private Cloud Deployments.
Securely store and retrieve Airflow secrets with Azure Key Vault.
Why integrate a secrets backend?
- Store Airflow secrets in a centralized place, keeping them outside your Airflow metadata database.
- Meet your organization’s security and compliance requirements.
- Enable easier rotation and management of connection and variable secrets.
For detailed setup instructions for each backend, select your provider above.
You can continue to manage Airflow variables and connections via the Airflow UI or as environment variables if desired. When a secrets backend is configured, Airflow will check the external backend for secret values before falling back to environment variables and then to the UI.
