portoedu opened a new issue, #28898: URL: https://github.com/apache/airflow/issues/28898
### Description A way to set an environment variable as a sensible config so that airflow hides it in the configuration page. ### Use case/motivation For security measures, we set the AIRFLOW__WEBSERVER__EXPOSE_CONFIG to non-sensitive-only so that Airflow hides a lot of information in the Configuration web page (there are a lot of non sensible information that is also being hidden). We use an authentication provider for the login and there are some parameters that we need to set for this to work, a few examples of these parameters are "client_id" and "client_secret". Since we set this using env vars, the straightforward and simple way is to set the section as auth (or something similar) and the name to the required parameter. An example is AIRFLOW__GENERIC_OAUTH__CLIENT_ID that we use to set the client_id parameter of auth. But here's the problem, airflow hides all of these auth env vars parameters except "AIRFLOW__GENERIC_OAUTH__CLIENT_SECRET". After a lot of research we couldn't find a way to set this information as sensible to the airflow configuration, we only could set the AIRFLOW__CORE__SENSITIVE_VAR_CONN_NAMES that doesn't work for the configuration page. Then, we found this documentation (https://airflow.apache.org/docs/apache-airflow/2.4.2/howto/set-config.html) which says that if we append _secret to a env var airflow will considers it as a connection string to be used at runtime. We are using the airflow version 2.4.2. Work Around: Don't use environment variables that ends with _secret (or _cmd), instead use _sekret or _token. ### Related issues _No response_ ### Are you willing to submit a PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org