varaprasadregani opened a new pull request, #58515: URL: https://github.com/apache/airflow/pull/58515
## Description This PR updates the **Masking Sensitive Data** documentation to clarify that keys in a Connection's `extra` JSON field are not masked automatically unless they contain specific sensitive keywords. **Reason for Change:** Currently, the documentation states: *"Airflow will by default mask Connection passwords and keys from a Connection’s extra (JSON) field..."* This implies that **all** keys in the `extra` field are masked by default, which is misleading. In reality, masking is triggered only if the key name contains a substring from the default sensitive keyword list (e.g., `password`, `secret`, `token`). **Changes in this PR:** 1. **Updated Default Masking Text:** Explicitly states that masking depends on the key name containing a sensitive keyword. 2. **Added Keyword List:** Explicitly lists the default keywords (`access_token`, `api_key`, `passphrase`, etc.) so users know exactly what triggers the masking. 3. **Added Examples Table:** Added a table demonstrating the masking behavior across different scopes (Logs, UI, Rendered Templates) to differentiate between Connection `extra` JSON behavior and Variable behavior. closes: #58514 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
