Under which category would you file this issue?
Helm chart
Apache Airflow version
Any airflow version
What happened and how to reproduce it?
Hello, I dont know if it has been asked or what but couldn't find what I wanted.
in Airflow since sensitive credentials are stored via environment variables (meaning they are pulled securely during build but while it's already running), end users can have bashoperator and run printenv command and get all sensitive credentials regarding database, logging backends, secret backends etc which shouldnt be available for end users but admins only. Even if printenv is limited there are still other ways to get those credentials from environment.
I want to know what can I do in this scenario ?
What you think should happen instead?
Any command could potentially get sensitive credentials should be hidden or shouldnt have privilege to run specific list of commands
Operating System
Linux
Deployment
Official Apache Airflow Helm Chart
Apache Airflow Provider(s)
No response
Versions of Apache Airflow Providers
No response
Official Helm Chart version
1.21.0
Kubernetes Version
1.34.3
Helm Chart configuration
No response
Docker Image customizations
No response
Anything else?
No response
Are you willing to submit PR?
Code of Conduct
Under which category would you file this issue?
Helm chart
Apache Airflow version
Any airflow version
What happened and how to reproduce it?
Hello, I dont know if it has been asked or what but couldn't find what I wanted.
in Airflow since sensitive credentials are stored via environment variables (meaning they are pulled securely during build but while it's already running), end users can have bashoperator and run
printenvcommand and get all sensitive credentials regarding database, logging backends, secret backends etc which shouldnt be available for end users but admins only. Even if printenv is limited there are still other ways to get those credentials from environment.I want to know what can I do in this scenario ?
What you think should happen instead?
Any command could potentially get sensitive credentials should be hidden or shouldnt have privilege to run specific list of commands
Operating System
Linux
Deployment
Official Apache Airflow Helm Chart
Apache Airflow Provider(s)
No response
Versions of Apache Airflow Providers
No response
Official Helm Chart version
1.21.0
Kubernetes Version
1.34.3
Helm Chart configuration
No response
Docker Image customizations
No response
Anything else?
No response
Are you willing to submit PR?
Code of Conduct