potiuk opened a new issue, #54090: URL: https://github.com/apache/airflow/issues/54090
### Apache Airflow version main (development) ### If "Other Airflow 2 version" selected, which one? _No response_ ### What happened? After #53973 where change in our security model has been implemented, to not allow anyone (including connection editing users) to be able to see sensitive data from the connection - effectively making connection sensitive data "write-only". This has an impact on export/import capability for `airflowctl` because airflowctl exposed export/import capability and retrieved connection data via API - and the current model (draft described in https://github.com/apache/airflow/pull/54088) assumes that there is no access to sensitive connection credential via "public API". Only Tasks have access to those via "task-sdk" API. However this means that exported files will contain "***" (unicode-d) mask instead of real sensitive data - which make them unusable for imports. There are several ways it can be solved: 1) drop export/import functionality from airflowctl (technically speaking we could only drop export and assume that someone could export using airflow CLI to export data and airflowctl to import it, but it could be confusing). 2) encrypt the exported data (either with FERNET key or with a passphrase entered by the user) - the passphrase by the user is however violating the assumption that no "API" user shoud be able to see the password - we should rather use some security passphrase that is not available to the API user 3) relax expectation of the `airflowctl` user to be able to use "task-sdk" API - but this is also violating the assumptions that no API user should see the credentials. Possibly there are other optiosns. @ashb @pierrejeambrun (and of course @bugraoz93 should likely be aware of that) I wonder what your opinions on that are. We had no chance to discuss it before, because decision on changing the model has been taken very hastily without discussing the consequences, but maybe that is a good opportunity to discuss it here. ### What you think should happen instead? _No response_ ### How to reproduce 1) Install airflow 2) add connection 3) run `airflowctl connection export` 4) observe export file containing masked sensitive data that is not "importable" correctly ### Operating System Any ### Versions of Apache Airflow Providers _No response_ ### Deployment Other ### Deployment details _No response_ ### Anything else? _No response_ ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
