JonnyWaffles commented on issue #16614: URL: https://github.com/apache/airflow/issues/16614#issuecomment-1019312882
Hi @potiuk and team, I am on 2.1.3 of Airflow and seeing the same. A simple connection test executing `hook.get_conn()` is logging my client_secret password when logging is set to INFO. I see the following code where the redactor does not receive a name for the key as a second argument, simply the text value of the password https://github.com/apache/airflow/blob/d5cafc901158ec4d10f86f6d0c5a4faba23bc41e/airflow/hooks/base.py#L69-L79 If I test the redactor myself it returns my password ```python from airflow.utils.log.secrets_masker import _secrets_masker m = _secrets_masker() m.redact("<MY CLIENT SECRET VALUE>") ``` I don't know if this is expected or not but my client secret (provided to the connection uri as a password) is being leaked when I run my simple connection test via pytest. I have not modified the log settings other than to set `AIRFLOW__LOGGING__LOGGING_LEVEL=INFO`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
