You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "Daniel Chang (Jira)" <ji...@apache.org> on 2020/03/31 12:26:00 UTC
[jira] [Commented] (AIRFLOW-5454) security - hide all
password/secret/credentials/tokens from log
[ https://issues.apache.org/jira/browse/AIRFLOW-5454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17071726#comment-17071726 ]
Daniel Chang commented on AIRFLOW-5454:
---------------------------------------
Hi, do you mind if I try this for GSOC 2020?
> security - hide all password/secret/credentials/tokens from log
> ---------------------------------------------------------------
>
> Key: AIRFLOW-5454
> URL: https://issues.apache.org/jira/browse/AIRFLOW-5454
> Project: Apache Airflow
> Issue Type: Improvement
> Components: logging, security
> Affects Versions: 1.10.5
> Reporter: t oo
> Assignee: Daniel Chang
> Priority: Major
> Labels: gsoc, gsoc2020, mentor
>
> I am proposing a new config flag. It will enforce a generic override in all airflow logging to suppress printing any lines containing case-insensitive match on any of: password|secret|credential|token
>
> If you do a
> {code:java}
> grep -iE 'password|secret|credential|token' -R <airflow_logs_folder>{code}
> you may be surprised with what you find :O
>
> ideally could replace only the sensitive value but there are various formats like:
> {code:java}
> key=value, key'=value, key value, key"=value, key = value, key"="value, key:value{code}
> ..etc
--
This message was sent by Atlassian Jira
(v8.3.4#803005)