You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What happened:
When BaseHook.get_connection(conn_id) function is used webserver log contains exposed credentials.
In the webserver log is unmasked password if AF 2.1.x is used, e.g.: [2021-07-15 10:08:21,074: INFO/ForkPoolWorker-31] Using connection to: id: airflow. Host: host, Port: None, Schema: , Login: user, Password: value, extra: None
The same code in 1.10.15 sends to the log masked password, e.g.: [2021-07-15 09:26:32,557] {{base_hook.py:89}} INFO - Using connection to: id: airflow. Host: host, Port: None, Schema: , Login: user, Password: XXXXXXXX, extra: None
What you expected to happen:
Password (may be extras as well) to be masked in the log.
How to reproduce it:
Use BaseHook.get_connection(conn_id) in a DAG to get connection and check the output on the webserver.
Anything else we need to know:
The text was updated successfully, but these errors were encountered:
Apache Airflow version: 2.1.2
Kubernetes version (if you are using kubernetes) (use
kubectl version
): v1.16.7Environment:
uname -a
):Linux airflow 4.4.232-1.el7.elrepo.x86_64 #1 SMP Fri Jul 31 11:49:26 EDT 2020 x86_64 GNU/Linux
What happened:
When
BaseHook.get_connection(conn_id)
function is used webserver log contains exposed credentials.In the webserver log is unmasked password if AF 2.1.x is used, e.g.:
[2021-07-15 10:08:21,074: INFO/ForkPoolWorker-31] Using connection to: id: airflow. Host: host, Port: None, Schema: , Login: user, Password: value, extra: None
The same code in 1.10.15 sends to the log masked password, e.g.:
[2021-07-15 09:26:32,557] {{base_hook.py:89}} INFO - Using connection to: id: airflow. Host: host, Port: None, Schema: , Login: user, Password: XXXXXXXX, extra: None
What you expected to happen:
Password (may be extras as well) to be masked in the log.
How to reproduce it:
Use
BaseHook.get_connection(conn_id)
in a DAG to get connection and check the output on the webserver.Anything else we need to know:
The text was updated successfully, but these errors were encountered: