bobu-putheeckal opened a new pull request, #67407: URL: https://github.com/apache/airflow/pull/67407
closes: #59839 Clarifies the security model policy for sensitive data exposed through the public UI/API and `airflowctl`, including masking/redaction, permissions, connections/variables/configuration handling, secrets backends, and limits of masking for DAG-authored outputs. Tests/checks: - `uvx pre-commit run insert-license --files airflow-core/docs/security/security_model.rst` - `uvx pre-commit run rst-backticks --files airflow-core/docs/security/security_model.rst` - `uvx pre-commit run end-of-file-fixer --files airflow-core/docs/security/security_model.rst` - `uvx pre-commit run trailing-whitespace --files airflow-core/docs/security/security_model.rst` - `uvx pre-commit run mixed-line-ending --files airflow-core/docs/security/security_model.rst` - `uvx pre-commit run blacken-docs --files airflow-core/docs/security/security_model.rst` - `uvx pre-commit run check-for-inclusive-language --files airflow-core/docs/security/security_model.rst` - `git diff --check` Docs build note: - `uv run --group docs build-docs --help` could not finish installing the full default environment because `jpype1` requires a local Java runtime. - `uv run --no-default-groups --group docs build-docs --docs-only --one-pass-only apache-airflow` started, but failed before parsing docs because the system `enchant` C library is not installed for `sphinxcontrib.spelling`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
