akotuc opened a new issue #17021:
URL: https://github.com/apache/airflow/issues/17021
**Apache Airflow version**: 2.1.2
**Kubernetes version (if you are using kubernetes)** (use `kubectl
version`): v1.16.7
**Environment**:
- **Cloud provider or hardware configuration**:
- **OS** (e.g. from /etc/os-release): Debian GNU/Linux 10
- **Kernel** (e.g. `uname -a`): Linux airflow 4.4.232-1.el7.elrepo.x86_64 #1
SMP Fri Jul 31 11:49:26 EDT 2020 x86_64 GNU/Linux
- **Install tools**:
- **Others**:
**What happened**:
When `BaseHook.get_connection(conn_id)` function is used webserver log
contains exposed credentials.
In the webserver log is **unmasked** password if AF 2.1.x is used, e.g.:
`[2021-07-15 10:08:21,074: INFO/ForkPoolWorker-31] Using connection to: id:
airflow. Host: host, Port: None, Schema: , Login: user, Password: value, extra:
None`
The same code in 1.10.15 sends to the log masked password, e.g.:
`[2021-07-15 09:26:32,557] {{base_hook.py:89}} INFO - Using connection to: id:
airflow. Host: host, Port: None, Schema: , Login: user, Password: XXXXXXXX,
extra: None`
**What you expected to happen**:
Password (may be extras as well) to be masked in the log.
**How to reproduce it**:
Use `BaseHook.get_connection(conn_id)` in a DAG to get connection and check
the output on the webserver.
**Anything else we need to know**:
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
