Configure secrets backend

Remote Execution Agents require a secrets backend to securely access Airflow connections and variables. A secrets backend stores sensitive information like passwords, API keys, and database credentials outside of your Deployment and agent configuration files. secretBackend is the Airflow secrets backend class to use for the Agent. Each supported integration includes the Remote Execution Agent-specific implementation steps:

It is not recommended for production use cases, but you can also use Airflow’s local filesystem backend as a simpler alternative to an external secrets provider by setting:

secretBackend: "airflow.secrets.local_filesystem.LocalFilesystemBackend"

and setting the following environment variable in the Remote Execution Agent’s Helm chart:

AIRFLOW__SECRETS__BACKEND_KWARGS: '{"variables_file_path": "/files/var.json", "connections_file_path": "/files/conn.json"}'

The rest of the configuration should be passed as environment variables to the Agent components.

Remote Execution Agent failure and recovery scenarios Configure XCom backend

⌘I

Overview

Get Started

Develop

Manage Configuration

Run Workloads

Deploy And Automate

Documentation

Remote Execution

Secrets Backend

CI/CD Templates

Observe And Alert

Administration

Infrastructure

Reference And Support

Best Practices

Airflow 3

Overview

Get Started

Develop

Manage Configuration

Run Workloads

Deploy And Automate

Documentation

Remote Execution

Secrets Backend

CI/CD Templates

Observe And Alert

Administration

Infrastructure

Reference And Support

Best Practices

Airflow 3

Documentation Index