potiuk commented on issue #40704: URL: https://github.com/apache/airflow/issues/40704#issuecomment-2241776385
Generally XCOMs are not encrypted by FERNET key. Which means that if you are passing secrets through Xcoms, anyone who has access to DB or DB logs can know the secret. I'd say NOT masking secret is a feature. It tells you you should not pass secrets via Xoms - they are not designed to be used for that. Masking secrets in XCom might give you false sense of security that it is protected in some ways, where it - in fact - is not. Converting it to a discussion. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
