Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Connection password not being masked in default logging
See original GitHub issuefrom airflow.hooks.base_hook import BaseHook
Basehook.get_connection('my_connection_id')
The second line prints out my connection details including the connection password in Airflow logs. Earlier connection passwords were masked by default.
https://airflow.apache.org/docs/apache-airflow/stable/_modules/airflow/hooks/base.html
The above statement is run for logging. Is there a way to disable to logging to not print Connection password in my logs?
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
Masking passwords with empty connection ... - GitHub
When you have connections with empty passwords masking logs masks all ... I'm not sure how they ended up with every character being...
Read more >How to mask passwords/secret keys from being logged into ...
1. You need to set druid.startup.logging.maskProperties in the druid configuration properties file specifying the keywords which will be used to ...
Read more >K52154401: Masking data in the BIG-IP ASM request log
By default, the BIG-IP ASM system logs information about incoming requests to the request ... The setting does not mask the parameter name....
Read more >java - Connection properties like username and password are ...
Connection properties like username and password are getting printed in the Logs without masking. How to mask the password?(in Hibernate 2.1.6).
Read more >Masking sensitive data - Apache Airflow
Airflow will by default mask Connection passwords and sensitive Variables and keys from a Connection's extra (JSON) field when they appear in Task...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Glad that you sorted it out.
The logs are redacted specifically to account for task logs for users and UI visibility. This is by design, deliberate and documented.
Comment in our code:
Our documentation is very clear about this behaviour:
https://airflow.apache.org/docs/apache-airflow/stable/security/secrets/mask-sensitive-values.html
So I do not find it surprising really.
Also It would be quite unreasonble and possibly even not possible to expect that secret masking is “general feature” enabled whenever you run python interpreter and perform an entrypoint that might or might not initialize secret masking (this is what your expectation is about pretty much). This is a feature of “airflow” application, and not “running arbitrary part of airflow code”.
Sorry last follow up, adding the following code to my pytest conftest.py resolves the above
I gotta say I am surprised by this behavior. I did not expect the secrets to show up in the pytest logs by default.