This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new dc038892d0 Add more precise description of maskiing sensitive field
names (#40512)
dc038892d0 is described below
commit dc038892d0c8313e144ae2a1d08a3ab7d970e810
Author: Jarek Potiuk <[email protected]>
AuthorDate: Mon Jul 1 08:10:06 2024 +0200
Add more precise description of maskiing sensitive field names (#40512)
---
docs/apache-airflow/security/secrets/mask-sensitive-values.rst | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/apache-airflow/security/secrets/mask-sensitive-values.rst
b/docs/apache-airflow/security/secrets/mask-sensitive-values.rst
index a7d48b20ad..913fc12473 100644
--- a/docs/apache-airflow/security/secrets/mask-sensitive-values.rst
+++ b/docs/apache-airflow/security/secrets/mask-sensitive-values.rst
@@ -38,7 +38,8 @@ Sensitive field names
When masking is enabled, Airflow will always mask the password field of every
Connection that is accessed by a
task.
-It will also mask the value of a Variable, or the field of a Connection's
extra JSON blob if the name contains
+It will also mask the value of a Variable, rendered template dictionaries,
XCom dictionaries or the
+field of a Connection's extra JSON blob if the name contains
any words in ('access_token', 'api_key', 'apikey', 'authorization',
'passphrase', 'passwd',
'password', 'private_key', 'secret', 'token'). This list can also be extended:
