Set airflow user password in DDL from environment #1695
Labels
🤖 aspect: dx
Concerns developers' experience with the codebase
🧰 goal: internal improvement
Improvement that benefits maintainers, not users
good first issue
New-contributor friendly
help wanted
Open to participation from the community
🟨 priority: medium
Not blocking but should be addressed soon
🧱 stack: catalog
Related to the catalog and Airflow DAGs
🔧 tech: airflow
Involves Apache Airflow
💾 tech: postgres
Involves PostgreSQL
Current Situation
Our current DDL implementation uses the default password
airflow
always: https://github.com/WordPress/openverse-catalog/blob/d5d39f1ab65a7f3fcf72b04efa336bedd2c690a5/docker/local_postgres/0001_airflow_user_db.sql.This can cause a potential security issue when deploying a production instance for the first time.
Suggested Improvement
Alter the first script to pull the password from an environment variable (possible solution here).
Benefit
This would allow us to define a different environment variable when running this migration on production, with a default for when running on dev.
Alternatives
Add explicit warnings in documentation or a guide for how to run deployments.
Additional context
This will be influenced and possibly covered by #1836.
Implementation
The text was updated successfully, but these errors were encountered: