Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove secret from airflow helm values #2677

Merged
merged 1 commit into from
Apr 22, 2022
Merged

Remove secret from airflow helm values #2677

merged 1 commit into from
Apr 22, 2022

Conversation

kevin-bates
Copy link
Member

Running a scan to detect secrets persisted within the Elyra repository yielded several false positives, except one specifying a Fernet Key. Since the preceding comment describes how to generate a key value, it's fairly clear the value that is there should be replaced when a user deploys Elyra via the helm chart.

This pull request replaces the value with "my-generated-fernetKey", which self-decribes what should be done, in conjunction with the preceding comment . That comment is captured here:

  ## the fernet key used to encrypt the connections/variables in the database
  ##
  ## WARNING:
  ## - you MUST customise this value, otherwise the encryption will be somewhat pointless
  ##
  ## NOTE:
  ## - to prevent this value being stored in your values.yaml (and airflow-env ConfigMap),
  ##   consider using `airflow.extraEnv` to define it from a pre-created secret
  ##
  ## GENERATE:
  ##   python -c "from cryptography.fernet import Fernet; FERNET_KEY = Fernet.generate_key().decode(); print(FERNET_KEY)"
  ##

Developer's Certificate of Origin 1.1

   By making a contribution to this project, I certify that:

   (a) The contribution was created in whole or in part by me and I
       have the right to submit it under the Apache License 2.0; or

   (b) The contribution is based upon previous work that, to the best
       of my knowledge, is covered under an appropriate open source
       license and I have the right under that license to submit that
       work with modifications, whether created in whole or in part
       by me, under the same open source license (unless I am
       permitted to submit under a different license), as indicated
       in the file; or

   (c) The contribution was provided directly to me by some other
       person who certified (a), (b) or (c) and I have not modified
       it.

   (d) I understand and agree that this project and the contribution
       are public and that a record of the contribution (including all
       personal information I submit with it, including my sign-off) is
       maintained indefinitely and may be redistributed consistent with
       this project or the open source license(s) involved.

@elyra-bot
Copy link

elyra-bot bot commented Apr 22, 2022

Thanks for making a pull request to Elyra!

To try out this branch on binder, follow this link: Binder

@kevin-bates kevin-bates requested a review from akchinSTC April 22, 2022 15:26
@akchinSTC akchinSTC added the platform: pipeline-Airflow Related to usage of Apache Airflow as pipeline runtime label Apr 22, 2022
@akchinSTC akchinSTC merged commit c1453e0 into elyra-ai:master Apr 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akchinSTC akchinSTC akchinSTC approved these changes

Assignees
No one assigned
Labels
platform: pipeline-Airflow Related to usage of Apache Airflow as pipeline runtime
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kevin-bates @akchinSTC