dabla commented on PR #68377:
URL: https://github.com/apache/airflow/pull/68377#issuecomment-4680165209
Claude propose to change mask_secret to something like this, but dunno if
this is a good idea:
```
def mask_secret(secret: JsonValue, name: str | None = None) -> None:
"""
Mask a secret in both task process and supervisor process.
For secrets loaded from backends (Vault, env vars, etc.), this ensures
they're masked in both the task subprocess AND supervisor's log output.
Works safely in both sync and async contexts.
When called from an async context (event loop running), the supervisor
notification is scheduled as a fire-and-forget coroutine via
:func:`asyncio.ensure_future` so the event loop is never blocked.
"""
import asyncio
from contextlib import suppress
from airflow.sdk._shared.secrets_masker import _secrets_masker
_secrets_masker().add_mask(secret, name)
with suppress(Exception):
# Try to tell supervisor (only if in task execution context)
from airflow.sdk.execution_time import task_runner
from airflow.sdk.execution_time.comms import MaskSecret
if comms := getattr(task_runner, "SUPERVISOR_COMMS", None):
msg = MaskSecret(value=secret, name=name)
try:
asyncio.get_running_loop()
# We're on the event loop thread — must not call blocking
send() here.
# Schedule asend() as a fire-and-forget task; MaskSecret
needs no response.
asyncio.ensure_future(comms.asend(msg))
except RuntimeError:
# No running event loop — safe to call sync send().
comms.send(msg)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
