Skip to content

Treat non-sensitive-only as true and always mask sensitive values in public api's #59880

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jscheffl merged 7 commits into from
Jan 3, 2026
Merged

Treat non-sensitive-only as true and always mask sensitive values in public api's #59880

jscheffl merged 7 commits into from
Jan 3, 2026

Conversation

@pratyush0325
Copy link
Contributor

@pratyush0325 pratyush0325 commented Dec 29, 2025
edited
Loading

Summary

This PR updates the behavior of the public config API to ensure sensitive configuration values are never exposed.

Changes

  • Always mask sensitive configuration values, even when expose_config=True
  • Treat the deprecated value non-sensitive-only as True
  • Update tests to reflect the masking behavior
  • Update documentation and references to reflect the new config behavior
  • Added corresponding newsfragment (59880.bugfix.rst)

Tests

  • Updated unit tests to ensure sensitive values are always masked
  • Verified behavior for:
    • expose_config=True
    • expose_config=False
    • expose_config=non-sensitive-only

Closes: #59860

^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in airflow-core/newsfragments.

@boring-cyborg
Copy link

boring-cyborg bot commented Dec 29, 2025

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contributors' Guide (https://github.com/apache/airflow/blob/main/contributing-docs/README.rst)
Here are some useful points:

  • Pay attention to the quality of your code (ruff, mypy and type annotations). Our prek-hooks will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it.
  • Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
  • Be sure to read the Airflow Coding style.
  • Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits.
    Apache Airflow is a community-driven project and together we are making it better 🚀.
    In case of doubts contact the developers at:
    Mailing List: dev@airflow.apache.org
    Slack: https://s.apache.org/airflow-slack

@boring-cyborg boring-cyborg bot added the area:API Airflow's REST/HTTP API label Dec 29, 2025
@potiuk
Copy link
Member

potiuk commented Dec 29, 2025

Let's see if CI agrees !

BasPH
BasPH reviewed Dec 30, 2025
View reviewed changes
@saifxyzyz saifxyzyz mentioned this pull request Jan 3, 2026
Closed
@jscheffl jscheffl merged commit c2e5bde into apache:main Jan 3, 2026
240 of 241 checks passed
@boring-cyborg
Copy link

boring-cyborg bot commented Jan 3, 2026

Awesome work, congrats on your first merged pull request! You are invited to check our Issue Tracker for additional contributions.

henry3260 pushed a commit to henry3260/airflow that referenced this pull request Jan 3, 2026
@pratyush0325 @potiuk
@BasPH @henry3260
Treat non-sensitive-only as true and always mask sensitive values in …
14e340b 
…public api's (apache#59880)

* Treat non-sensitive-only as true and always mask sensitive values in public APIs.

* Add newsfragment and update docs and client references for config masking

* newline error fixed - config.yml

* Update clients/python/README.md

Co-authored-by: Bas Harenslak <BasPH@users.noreply.github.com>

* CI image check resolved

* newline error in config.py fixed

---------

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
Co-authored-by: Bas Harenslak <BasPH@users.noreply.github.com>
@nhuantho nhuantho mentioned this pull request Jan 4, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BasPH BasPH BasPH left review comments

@potiuk potiuk potiuk approved these changes

@ephraimbuddy ephraimbuddy ephraimbuddy approved these changes

@jscheffl jscheffl jscheffl approved these changes

@pierrejeambrun pierrejeambrun Awaiting requested review from pierrejeambrun pierrejeambrun is a code owner

@rawwar rawwar Awaiting requested review from rawwar rawwar is a code owner

@jason810496 jason810496 Awaiting requested review from jason810496 jason810496 is a code owner

@bugraoz93 bugraoz93 Awaiting requested review from bugraoz93 bugraoz93 is a code owner

@shubhamraj-git shubhamraj-git Awaiting requested review from shubhamraj-git shubhamraj-git is a code owner

Assignees

No one assigned

Labels

area:API Airflow's REST/HTTP API

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@pratyush0325 @potiuk @ephraimbuddy @BasPH @jscheffl