[
https://issues.apache.org/jira/browse/AIRFLOW-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15271398#comment-15271398
]
Chris Riccomini commented on AIRFLOW-45:
----------------------------------------
> I think we should have a configuration variable to hide/expose the encrypted
> values in the UI for both Variables and Connections. It should likely affect
> all Variables and/or Connections in a given Airflow installation and not be
> DAG specific.
This seems OK to me. So, current proposal is:
# Add a config param to airflow.cfg called hide_encrypted_ui_fields
# Default hide_encrypted_ui_fields to true
The hide_encrypted_ui_fields param would hide `passwords` and `extras` in the
hooks view, as well as the `value` of variables in the variables view.
Does that sound OK?
> Support hidden Airflow variables
> --------------------------------
>
> Key: AIRFLOW-45
> URL: https://issues.apache.org/jira/browse/AIRFLOW-45
> Project: Apache Airflow
> Issue Type: Improvement
> Components: security
> Reporter: Chris Riccomini
> Assignee: Matthew Chen
>
> We have a use case where someone wants to set a variable for their DAG, but
> they don't want it visible via the UI. I see that variables are encrypted in
> the DB (if the crypto package is installed), but the variables are still
> visible via the UI, which is a little annoying.
> Obviously, this is not 100% secure, since you can still create a DAG to read
> the variable, but it will at least keep arbitrary users from logging
> in/loading the UI and seeing the variable.
> I propose basically handling this the same way that DB hook passwords are
> handled. Don't show them in the UI when the edit button is clicked, but allow
> the variables to be editable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
