jscheffl commented on PR #58252: URL: https://github.com/apache/airflow/pull/58252#issuecomment-3529541808
> > Should we redact when this message is written to the db (?) instead? That would also cover some more cases. It feels a bit weird to me redacting at this level.
>
> I think it's good in this case -> kwargs are really the only ones that can **potentially** leak secrets, and masking it here makes it way better because it also masks kwargs with sensitive names not only with sensitive values.

I see it the same, screened code and found no other place where such a problem appears. If we redact on this level we have less false-positives (having a secret term in the function signature name getting masked) as well as no secret values are sent over API to write to DB.
