Posted to commits@airflow.apache.org by jh...@apache.org on 2021/07/09 19:57:42 UTC

[airflow] 03/07: Mask value if the key is ``token`` (#16474)

This is an automated email from the ASF dual-hosted git repository.

jhtimmins pushed a commit to branch v2-1-stable
in repository https://gitbox.apache.org/repos/asf/airflow.git

commit 24f3f63724016a11e3bea8f321a51f82c00196a0
Author: Robert Saxby <ro...@users.noreply.github.com>
AuthorDate: Fri Jul 2 21:21:56 2021 +0200

    Mask value if the key is ``token`` (#16474)
    
    Some connections (including the databricks connection) use the key 'token' in the 'extra' field (this has always been the case). Including it here so that these sensitive tokens are also masked by default.
    
    The prior implementation just masked all of the 'extra' json: "XXXXXXXX" if conn.extra_dejson else None https://github.com/apache/airflow/blob/88199eefccb4c805f8d6527bab5bf600b397c35e/airflow/hooks/base.py#L78
    
    (cherry picked from commit d1d04fee8ded551c9fd0a13980feab27fbfc0cbe)
---
 airflow/utils/log/secrets_masker.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/airflow/utils/log/secrets_masker.py b/airflow/utils/log/secrets_masker.py
index 4a254ac..1796cbc 100644
--- a/airflow/utils/log/secrets_masker.py
+++ b/airflow/utils/log/secrets_masker.py
@@ -55,6 +55,7 @@ DEFAULT_SENSITIVE_FIELDS = frozenset(
         'password',
         'private_key',
         'secret',
+        'token',
     }
 )
 """Names of fields (Connection extra, Variable key name etc.) that are deemed sensitive"""
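
Review bot: the new 'token' entry at the end of DEFAULT_SENSITIVE_FIELDS ships without a test; the diffstat shows a single insertion in secrets_masker.py and nothing else. Suggest adding a test case asserting that a Connection extra containing a 'token' key comes out masked, so the default cannot be dropped silently later. The docstring on the last context line also does not state whether these names are matched exactly or as substrings of a key name. That matters for a word as common as 'token': under substring matching, non-secret keys that merely contain the word would be masked as well, and under exact matching, variants such as a prefixed or suffixed token key would not be. One sentence in that docstring stating the matching rule (and its case sensitivity) would settle it.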