This is an automated email from the ASF dual-hosted git repository.
jedcunningham pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new d1d04fe Mask value if the key is ``token`` (#16474)
d1d04fe is described below
commit d1d04fee8ded551c9fd0a13980feab27fbfc0cbe
Author: Robert Saxby <[email protected]>
AuthorDate: Fri Jul 2 21:21:56 2021 +0200
Mask value if the key is ``token`` (#16474)
Some connections (including the databricks connection) use the key 'token'
in the 'extra' field (this has always been the case). Including it here so that
these sensitive tokens are also masked by default.
The prior implementation just masked all of the 'extra' json: "XXXXXXXX" if
conn.extra_dejson else None
https://github.com/apache/airflow/blob/88199eefccb4c805f8d6527bab5bf600b397c35e/airflow/hooks/base.py#L78
---
airflow/utils/log/secrets_masker.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/airflow/utils/log/secrets_masker.py
b/airflow/utils/log/secrets_masker.py
index 25aa754..537ee07 100644
--- a/airflow/utils/log/secrets_masker.py
+++ b/airflow/utils/log/secrets_masker.py
@@ -42,6 +42,7 @@ DEFAULT_SENSITIVE_FIELDS = frozenset(
'password',
'private_key',
'secret',
+ 'token',
}
)
"""Names of fields (Connection extra, Variable key name etc.) that are deemed
sensitive"""
