Improve error messaging for Hashicorp Vault secrets provider #55015

@Sudokamikaze

Description

Currently, when using Hashicorp Vault as a secrets backend for Airflow, it's difficult to understand:

  1. Is Vault authentication configured correctly - there's no meaningful error message when I do airflow connections get <> or airflow variables get <>
  2. When a Secret/Variable/Config (untested) is malformed

In both mentioned cases, when I try to debug by fetching the variable/connection, I get:

Variable <> does not exist

Steps to reproduce:

  • Create a broken variable (see screenshot where key is vals)
  • Query it in the pod: airflow variables get broken
    Get:
astro@quixflow-worker-default-worker-549cc7dc6-w6rzs:/usr/local/airflow$ airflow variables get broken
Variable broken does not exist

Now, I fix my variable (see screenshot 2 where key is value):

astro@quixflow-worker-default-worker-549cc7dc6-w6rzs:/usr/local/airflow$ airflow variables get broken
[2025-08-26T12:59:25.349+0000] {plugin.py:125} WARNING - Astro managed secrets backend is disabled
testtest

Same thing applies to connections.

Upon investigation with @BasPH (thank you!), he pointed out that the Vault provider needs the conn_uri or value keys to properly parse a connection/variable, with a fallback to None returned if any of those wasn't found, which may confuse users.

return response.get("value") if response else None

Use case/motivation

I believe that upon failing to parse a connection/variable, the error message should be clear to understand.

Related issues

No response

Are you willing to submit a PR?

  • Yes I am willing to submit a PR!
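
The following Python example is added here and is not taken from the issue or from the Airflow Vault provider. It shows a lookup that separates the three outcomes the report says are currently indistinguishable: authentication failure, no secret at the path, and a secret stored under the wrong key. The names `lookup`, `read_secret`, `MalformedSecretError`, `BackendAuthError`, `sample_reader` and the sample paths are hypothetical, and the error text lists only the key names found, never secret values.

```python
import logging

log = logging.getLogger("secrets_lookup_example")


class MalformedSecretError(Exception):
    """The secret exists but lacks the key the backend expects."""


class BackendAuthError(Exception):
    """Hypothetical stand-in for an authentication failure."""


def lookup(read_secret, path, expected_key="value"):
    """Return the value, None if the path is absent, or raise.

    read_secret is a hypothetical callable (path -> dict or None) that may
    raise BackendAuthError. Messages list key names only, never values.
    """
    try:
        response = read_secret(path)
    except BackendAuthError as exc:
        log.error("Authentication to secrets backend failed (%s): %s", path, exc)
        raise
    if response is None:
        log.info("No secret stored at %s", path)
        return None
    if expected_key not in response:
        raise MalformedSecretError(
            f"Secret at {path!r} has no {expected_key!r} key; "
            f"found keys: {sorted(response)}"
        )
    return response[expected_key]


# Constructed sample data: "broken" uses the wrong key, as in the report.
SAMPLE_STORE = {
    "variables/broken": {"vals": "testtest"},
    "variables/fixed": {"value": "testtest"},
}


def sample_reader(path):
    """Constructed reader: paths under denied/ simulate an auth failure."""
    if path.startswith("denied/"):
        raise BackendAuthError("permission denied")
    return SAMPLE_STORE.get(path)
```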
