GitHub user user1500177 added a comment to the discussion: How to Mask
Passwords in Superset Action Log (DatabaseRestApi.import_)
@dosu
But this seems to be working fine with this code and such masking is also
appeining inside the json field as show nin the screenshot, (My only doubt is
that as i did remove the records in the conditional, will it skip some log
entries ?)
CODE
class MaskPasswordsEventLogger(DBEventLogger):
def _mask_sensitive(self, data):
try:
if isinstance(data, dict):
return {
k: (
"***MASKED***" if k.lower() in {"password",
"passwords", "db_password", "access_token", "secret"}
else self._mask_sensitive(v)
)
for k, v in data.items()
}
elif isinstance(data, list):
return [self._mask_sensitive(item) for item in data]
else:
return data
except Exception as e:
import logging
logging.warning(f"Error masking sensitive data: {e}")
return data
def log(self, user_id, action, *args, **kwargs):
try:
# Mask sensitive fields in kwargs before passing to DBEventLogger
masked_kwargs = self._mask_sensitive(kwargs)
super().log(user_id, action, *args, **masked_kwargs)
except Exception as e:
import logging
logging.warning(f"Error in custom event logger: {e}")
EVENT_LOGGER = MaskPasswordsEventLogger()
<img width="1376" height="157" alt="image"
src="https://github.com/user-attachments/assets/de38887a-7dbc-4752-8350-988d7e4c7e9f";
/>
GitHub link:
https://github.com/apache/superset/discussions/35415#discussioncomment-14580821
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
