Largely agreed, a few questions/comments:

2. Import could stay. It’s a bulk create — it does no harm in existing, so I don’t see why we should remove it

3. Just to clarify (what I assume you mean) no sensitive/unredacted data should be sent over the API, so this is not airflowctl’s responsibility to care about, just a statement of intent/behaviour, yes?

5. I might say we should show some values (host, port etc) just not anything sensitive without an extra flag — just listing connection ids or everything seems like too far to either extreme.

-a

> On 3 Nov 2025, at 19:16, Jarek Potiuk <[email protected]> wrote:
>
> 1) we want to make it crystal clear that no APIs ever expose sensitive data
>
> 2) that means that we should remove export (and likely import) via UI - and
> leave a comment that export/import is only available via local CLI
>
> 3) the "sensitive data not exposed over API" is also present in airflow-ctl
> - this means that airflow-ctl should never expose sensitive data (including
> connections, variables, config)
>
> 4) the "expose config" [5] - will only accept "*false*" and "
> *non-sensitive-only*". The "true" will be rejected.
>
> 5) local CLI ** list* (connections, variables, config) only by default
> returns "keys" - and it will only return values when `*--show-values*` is
> passed as command line option (with clear comment in help that this option
> **might** show sensitive data, also when we do `** list*` command without
> `--show-values` we emit stderr output explaining that potentially sensitive
> data is hidden and you need to specify `--show-values` to see them
>
> 6) the ** get* commands are unaffected (those are more likely already used
> as CLI API)
>
> 7) we remove *connections list --conn-id *as it is equivalent to *connections
> get *
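The listing behaviour discussed in point 5 of both messages, as an added sketch that is not code from Airflow or from either participant: non-sensitive fields such as host and port are always shown, sensitive ones are masked unless `--show-values` is passed, and a notice goes to stderr when something was hidden. The field names, the choice of `password` and `extra` as sensitive, the `list_connections` helper and the sample data are all assumptions made for illustration.

```python
import sys

# Assumption for this sketch: which connection fields count as sensitive.
SENSITIVE_FIELDS = frozenset({"password", "extra"})
MASK = "***"

# Constructed sample data, not real connections.
SAMPLE_CONNECTIONS = [
    {"conn_id": "warehouse_db", "conn_type": "postgres",
     "host": "db.example.internal", "port": 5432, "login": "etl",
     "password": "s3cret", "extra": '{"sslmode": "require"}'},
    {"conn_id": "public_api", "conn_type": "http",
     "host": "api.example.com", "port": 443, "login": None,
     "password": None, "extra": None},
]


def list_connections(connections, show_values=False):
    """Return (rows, hidden): printable copies and whether anything was masked."""
    rows, hidden = [], False
    for conn in connections:
        row = {}
        for field, value in conn.items():
            if field in SENSITIVE_FIELDS and value is not None and not show_values:
                row[field] = MASK  # unset fields stay None, so nothing is implied
                hidden = True
            else:
                row[field] = value
        rows.append(row)
    return rows, hidden


def main(argv):
    rows, hidden = list_connections(SAMPLE_CONNECTIONS, "--show-values" in argv)
    for row in rows:
        print(row)
    if hidden:
        # stderr keeps the notice out of piped or redirected stdout.
        print("Sensitive values are hidden; pass --show-values to display them.",
              file=sys.stderr)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```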
