Uploaded image for project: 'Apache Airflow'
  1. Apache Airflow
  2. AIRFLOW-5454

security - hide all password/secret/credentials/tokens from log

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.10.5
    • Fix Version/s: None
    • Component/s: logging, security
    • Labels:

      Description

      I am proposing a new config flag. It will enforce a generic override in all airflow logging to suppress printing any lines containing case-insensitive match on any of: password|secret|credential|token

       

      If you do a

      grep -iE 'password|secret|credential|token' -R <airflow_logs_folder>

      you may be surprised with what you find :O

       

      ideally could replace only the sensitive value but there are various formats like:  

      key=value, key'=value, key value, key"=value, key = value, key"="value, key:value

      ..etc

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                toopt4 t oo
              • Votes:
                1 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: