abhijeets25012-tech opened a new pull request, #59923:
URL: https://github.com/apache/airflow/pull/59923
This PR updates the Airflow CLI to align with the agreed security model,
ensuring that sensitive values are not exposed by default, as discussed in
meta-issue #59838.
### What this PR does
- `airflow connections list`, `airflow variables list`, and `airflow config list` no longer display values by default
- Default output is limited to keys/identifiers only
- CLI help text and stderr messages now clearly explain that:
  - Sensitive data is intentionally hidden
  - Values are only shown when the `--show-values` flag is explicitly used
- `get` commands remain unchanged, as they are already considered explicit
access points
### Why this change is needed
- Prevents accidental exposure of credentials and secrets in terminals,
logs, and CI pipelines
- Brings CLI behavior in line with REST API and UI security practices
- Makes the security model explicit and predictable for users
- Follows the principle of least surprise, requiring deliberate action to
view sensitive data
### Scope and compatibility
- No breaking changes to existing CLI APIs
- Default behavior is safer; explicit access remains available
- No impact on `task-sdk` or internal APIs
### Related issues
- related: #59838
- related: #59844
- related: #59845
--
This is an automated message from the Apache Git Service.
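
The hide-by-default pattern described in this PR, as an added example that is not part of the PR and is not Airflow's code: a `list` command prints only keys plus a stderr notice unless `--show-values` is passed, while `get` stays an explicit access point. The `demo-cli` name, the `render_list` and `run` helpers, the notice text and the sample variables are all constructed for illustration.

```python
import argparse
import sys

# Constructed sample store standing in for a variables backend (not Airflow data).
SAMPLE_VARIABLES = {
    "db_password": "s3cr3t-constructed",
    "api_token": "tok-constructed-123",
    "region": "eu-west-1",
}
HIDDEN_NOTICE = "Values are hidden by default. Re-run with --show-values to display them."


def render_list(items, show_values=False):
    """Return (stdout_lines, stderr_notice); values appear only on explicit opt-in."""
    if show_values:
        return [f"{key}\t{value}" for key, value in sorted(items.items())], None
    return sorted(items), HIDDEN_NOTICE


def build_parser():
    parser = argparse.ArgumentParser(prog="demo-cli")
    sub = parser.add_subparsers(dest="command", required=True)
    list_cmd = sub.add_parser("list", help="List keys; values are hidden by default")
    list_cmd.add_argument("--show-values", action="store_true",
                          help="Also print values (may expose secrets in logs)")
    get_cmd = sub.add_parser("get", help="Print one value (explicit access)")
    get_cmd.add_argument("key")
    return parser


def run(argv, items=SAMPLE_VARIABLES, out=sys.stdout, err=sys.stderr):
    """Dispatch the command; the notice goes to stderr so stdout stays parseable."""
    args = build_parser().parse_args(argv)
    if args.command == "get":
        if args.key not in items:
            print(f"No such key: {args.key}", file=err)
            return 1
        print(items[args.key], file=out)
        return 0
    lines, notice = render_list(items, args.show_values)
    print("\n".join(lines), file=out)
    if notice:
        print(notice, file=err)
    return 0


if __name__ == "__main__":
    sys.exit(run(sys.argv[1:]))
```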