Posted to commits@airflow.apache.org by "t oo (Jira)" <ji...@apache.org> on 2019/09/10 19:27:00 UTC

[jira] [Created] (AIRFLOW-5454) security - hide all password/secret/credentials/tokens from log

t oo created AIRFLOW-5454:
-----------------------------

             Summary: security - hide all password/secret/credentials/tokens from log
                 Key: AIRFLOW-5454
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-5454
             Project: Apache Airflow
          Issue Type: Improvement
          Components: logging, security
    Affects Versions: 1.10.5
            Reporter: t oo


I am proposing a new config flag that enforces a generic override in all Airflow logging that suppresses logging of all lines containing a case-insensitive match on any of: password|secret|credential|token

 

If you do a
{code:java}
grep -iE 'password|secret|credential|token' -R <airflow_logs_folder>{code}
you may be surprised with what you find :O

 

Ideally it could replace only the sensitive value, but there are various formats like:
{code:java}
key=value, key'=value, key value, key"=value, key = value, key"="value, key:value{code}
... etc.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)
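
An added example, not code from the Airflow project or from the issue reporter: a Python `logging.Filter` showing both behaviours the issue describes, dropping any line that matches the proposed pattern and, as the harder alternative, masking only the value across the key/value layouts listed above. The names `SecretFilter`, `redact`, `KEY_VALUE`, `run_filter` and the sample lines are assumptions made for illustration.

```python
import logging
import re

# The issue's proposed pattern, matched case-insensitively.
SENSITIVE = re.compile(r"password|secret|credential|token", re.IGNORECASE)
# Best-effort value matcher (assumption, not from the issue): keyword-bearing key,
# optional closing quote, separator (=, : or whitespace), quoted or bare value.
KEY_VALUE = re.compile(r"""(?ix)
    (?P<key>[\w.-]*(?:password|secret|credential|token)[\w.-]*)
    (?P<sep>["']?\s*[=:]\s*|["']?\s+)
    (?P<value>"[^"]*"|'[^']*'|[^\s,;]+)""")
# Constructed sample log lines, not taken from a real Airflow deployment.
SAMPLE = [
    "Connecting to db with password=hunter2",
    'conn extras: {"api_token": "abc123", "region": "eu"}',
    "Task finished in 3.2s",
]


def redact(message):
    """Replace only the value that follows a sensitive key."""
    return KEY_VALUE.sub(lambda m: m.group("key") + m.group("sep") + "***", message)


class SecretFilter(logging.Filter):
    """mode='drop' suppresses matching lines; mode='redact' masks the values."""

    def __init__(self, mode="drop"):
        super().__init__()
        self.mode = mode

    def filter(self, record):
        message = record.getMessage()  # match after %-args are merged in
        if not SENSITIVE.search(message):
            return True
        if self.mode == "drop":
            return False
        record.msg, record.args = redact(message), None
        return True


def run_filter(lines, mode):
    """Log lines through a detached logger and return what was emitted."""
    emitted = []
    handler = logging.Handler()
    handler.emit = lambda record: emitted.append(record.getMessage())
    handler.addFilter(SecretFilter(mode))
    logger = logging.Logger("demo")
    logger.addHandler(handler)
    for line in lines:
        logger.warning("%s", line)
    return emitted
```

The filter is attached to the handler rather than a logger because logger-level filters are not applied to records propagated from child loggers. The whitespace-separated `key value` layout makes redact mode mask the word after any keyword, so ordinary phrases such as "token expired" lose a word, which is the trade-off behind the simpler drop-the-line proposal.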