This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch v3-1-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/v3-1-test by this push:
new 53837bb9f3f [v3-1-test] Clarify policy for exposing sensitive data
(#59864) (#61392)
53837bb9f3f is described below
commit 53837bb9f3f977a19882fc4c4cad2a30eefcb0c0
Author: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Tue Feb 3 19:05:19 2026 +0100
[v3-1-test] Clarify policy for exposing sensitive data (#59864) (#61392)
* doc: clarify policy for exposing sensitive data
* Update airflow-core/docs/security/security_model.rst
---------
(cherry picked from commit 8a4f38f04498b07d62642aa1911dde040f863bdc)
Co-authored-by: arnoldmr01 <[email protected]>
Co-authored-by: Jarek Potiuk <[email protected]>
---
airflow-core/docs/security/security_model.rst | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/airflow-core/docs/security/security_model.rst
b/airflow-core/docs/security/security_model.rst
index 10b2ad3fb3e..28c81eb6b4a 100644
--- a/airflow-core/docs/security/security_model.rst
+++ b/airflow-core/docs/security/security_model.rst
@@ -131,8 +131,15 @@ Those users should be highly trusted not to misuse this
capability.
been changed in Airflow 3 to improve security of the accidental spilling of
credentials of the connection configuration
users. Previously - in Airflow 2 - the **Connection configuration users**
had deliberately access to view the
sensitive information and could either reveal it by using Inspect
capabilities of the browser or they were plain visible in
- case of the sensitive credentials stored in configuration extras. Airflow 3
and later versions include security
- improvement to mask those sensitive credentials at the API level.
+ case of the sensitive credentials stored in configuration extras. Airflow 3
and later versions mask these sensitive credentials
+ at the API level and do not return them in clear text.
+
+About Sensitive information
+...........................
+
+Sensitive information consists of connection details, variables, and
configuration. In Airflow 3 and later versions, sensitive information will not
be exposed to users via API, UI, ``airflowctl``.
+However, ``task-sdk`` still provides access to sensitive information (e.g.,
Use SDK API Client to get Variables with task-specific ``JWT`` token). Local
CLI will only return keys except when using ``--show_values``.
+Sensitive information has been masked in logs, UI, and API outputs. In case of
Dag author expose sensitive information in other way (e.g., via environment
variables), those values will not be masked.
Audit log users
...............
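Review bot: In the added "About Sensitive information" section, the sentence "Local CLI will only return keys except when using ``--show_values``" does not say which CLI command the flag belongs to, so a reader cannot tell which commands can print secrets in clear text; name the command(s) and confirm the flag is spelled exactly as the CLI accepts it. The first sentence lists "API, UI, ``airflowctl``" without a conjunction and should read "via the API, the UI, or ``airflowctl``". The last sentence is ungrammatical ("In case of Dag author expose sensitive information in other way"); something like "If a Dag author exposes sensitive information in another way (e.g., via environment variables), those values will not be masked" states the limit more clearly. "Sensitive information has been masked" would also read better in the present tense, matching "mask these sensitive credentials" earlier in the hunk. The new heading uses the same "....." underline as "Audit log users", which makes it a sibling of the user-role sections although it does not describe a role; consider moving it out of that list or folding it into the preceding paragraph.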