Lay consensus has been reached. On Mon, Nov 17, 2025 at 11:07 PM Jarek Potiuk <[email protected]> wrote: > > This is calling for a consensus on the way we treat exposing sensitive > data over API (in short "NO SENSITIVE DATA EXPOSED"). > > Discussion here: > > https://lists.apache.org/thread/c79668yh42m5g7f7xck3oh6vft0z2kb6 > > The consensus will be reached (unless someone objects) on Thursday > 20th of November, 2025, 23:30 CET. > > Summary: > > 1) we want to make it crystal clear that no APIs ever expose sensitive data > > 2) we should remove export (import can stay) via UI - and leave a > comment that export is only available via local CLI > > 3) the "sensitive data not exposed over API" is also present in > airflow-ctl - this means that airflow-ctl should never expose > sensitive data (including connections, variables, config, export) > > 4) the "expose config" [5] - will only accept "false" and > "non-sensitive-only". The "true" will be rejected. > > There is also an impact to local CLI, even if local CLI user has > access to all data anyway: > > 5) local CLI * list (connections, variables, config) only by default > returns "keys" - and it will only return values when `--show-values` > is passed as command line option (with clear comment in help that this > option **might** show sensitive data, also when we do `* list` command > without `--show-values` we emit stderr output explaining that > potentially sensitive data is hidden and you need to specify > `--show-values` to see them > > 6) the local CLI * get commands are unaffected (those are more likely > already used as CLI API > > 7) we remove connections list --conn-id as it is equivalent to connections get > > Again:he consensus will be reached (unless someone objects) on > Thursday 20th of November, 2025, 23:30 CET. > > J.
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
