[ https://issues.apache.org/jira/browse/AIRFLOW-5454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
t oo updated AIRFLOW-5454: -------------------------- Description: I am proposing a new config flag. It will enforce a generic override in all airflow logging to suppresses printing any lines containing case-insensitive match on any of: password|secret|credential|token If you do a {code:java} grep -iE 'password|secret|credential|token' -R <airflow_logs_folder>{code} you may be surprised with what you find :O ideally could replace only the sensitive value but there are various formats like: {code:java} key=value, key'=value, key value, key"=value, key = value, key"="value, key:value{code} ..etc was: I am proposing a new config flag that enforces a generic override in all airflow logging that suppresses logging of all lines containing case-insensitive match on any of: password|secret|credential|token If you do a {code:java} grep -iE 'password|secret|credential|token' -R <airflow_logs_folder>{code} you may be surprised with what you find :O ideally could replace only the sensitive value but there are various formats like: {code:java} key=value, key'=value, key value, key"=value, key = value, key"="value, key:value{code} ..etc > security - hide all password/secret/credentials/tokens from log > --------------------------------------------------------------- > > Key: AIRFLOW-5454 > URL: https://issues.apache.org/jira/browse/AIRFLOW-5454 > Project: Apache Airflow > Issue Type: Improvement > Components: logging, security > Affects Versions: 1.10.5 > Reporter: t oo > Priority: Major > > I am proposing a new config flag. It will enforce a generic override in all > airflow logging to suppresses printing any lines containing case-insensitive > match on any of: password|secret|credential|token > > If you do a > {code:java} > grep -iE 'password|secret|credential|token' -R <airflow_logs_folder>{code} > you may be surprised with what you find :O > > ideally could replace only the sensitive value but there are various formats > like: > {code:java} > key=value, key'=value, key value, key"=value, key = value, key"="value, > key:value{code} > ..etc -- This message was sent by Atlassian Jira (v8.3.2#803003)