ppatel8-wooliex commented on pull request #15599: URL: https://github.com/apache/airflow/pull/15599#issuecomment-898551177
@Jujubug88 Alternatively, you can try using own masking as suggested here. https://airflow.apache.org/docs/apache-airflow/stable/security/secrets/index.html The below is example with Vault but i think you can mask any param value or connection string you want to mask. when you use vault to get the secret then before passing as params you can mask it. It will display as **** in log as well as rendered template. you can use the below code to mask the secret from the Vault. from airflow.utils.log.secrets_masker import mask_secret openssl_service_account_key_read_response = client.secrets.kv.read_secret_version(path=openssl_service_account_secret_path,mount_point=vault_mount_point) service_account_secret = openssl_service_account_key_read_response['data']['data'][openssl_service_account_key] mask_secret(service_account_secret) sample_commands=dedent(''' set +x; pwd; cd /home/airflow/gcs/data/bin/ chmod 775 -R .; ./bin/test.sh '{{ params.service_account_secret }}'; ''') task_1 = BashOperator( task_id='', bash_command=sample_commands, params={ 'service_account_secret' : service_account_secret } ) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
