Skip to content

Fix JWT tokens appearing in task logs#62467

Closed
Eason09053360 wants to merge 1 commit intoapache:mainfrom
Eason09053360:Fix-JWT-tokens-appearing-in-task-logs
Closed

Fix JWT tokens appearing in task logs#62467
Eason09053360 wants to merge 1 commit intoapache:mainfrom
Eason09053360:Fix-JWT-tokens-appearing-in-task-logs

Conversation

@Eason09053360
Copy link
Contributor

@Eason09053360 Eason09053360 commented Feb 25, 2026
edited
Loading

use repr=False prevents sensitive data from being accidentally exposed in development, testing, or production environment

closes: #62428

Was generative AI tooling used to co-author this PR?
  • Yes (please specify the tool below)
  • Read the Pull Request Guidelines for more information. Note: commit author/co-author name and email in commits become permanently public when merged.
  • For fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
  • When adding dependency, check compliance with the ASF 3rd Party License Policy.
  • For significant user-facing changes create newsfragment: {pr_number}.significant.rst or {issue_number}.significant.rst, in airflow-core/newsfragments.

@boring-cyborg boring-cyborg bot added the area:Executors-core LocalExecutor & SequentialExecutor label Feb 25, 2026
@Eason09053360 Eason09053360 marked this pull request as ready for review February 25, 2026 13:53
pierrejeambrun
pierrejeambrun previously approved these changes Feb 25, 2026
View reviewed changes
@pierrejeambrun pierrejeambrun added this to the Airflow 3.1.8 milestone Feb 25, 2026
@pierrejeambrun pierrejeambrun added the backport-to-v3-1-test Mark PR with this label to backport to v3-1-test branch label Feb 25, 2026
@pierrejeambrun
Copy link
Member

pierrejeambrun commented Feb 25, 2026
edited
Loading

We should probably fix the underlying cause which is 'why is the secret masker not masking the token'. Most chances are it's because the ExecuteTask is first redacted (unknown object nothing happens) and then serialized, therefore the jwt remains.

I asked more information on the related issue. I cannot reproduce on my end without more details.

@pierrejeambrun pierrejeambrun dismissed their stale review February 25, 2026 15:43

Need more information

@ashb
Copy link
Member

ashb commented Feb 25, 2026

This JWT token should, I think, never appear in task logs, because the Task itself never gets the actual JWT? It's not passed down/on to the task subprocess.

@ashb
Copy link
Member

ashb commented Feb 25, 2026

Closing in favour of #62129

@ashb ashb closed this Feb 25, 2026
@vatsrahul1001 vatsrahul1001 removed this from the Airflow 3.1.8 milestone Mar 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pierrejeambrun pierrejeambrun pierrejeambrun left review comments

@XD-DENG XD-DENG Awaiting requested review from XD-DENG XD-DENG is a code owner

@ashb ashb Awaiting requested review from ashb ashb is a code owner

@o-nikolas o-nikolas Awaiting requested review from o-nikolas o-nikolas is a code owner

@hussein-awala hussein-awala Awaiting requested review from hussein-awala hussein-awala is a code owner

@dheerajturaga dheerajturaga Awaiting requested review from dheerajturaga dheerajturaga is a code owner

Assignees

No one assigned

Labels

area:Executors-core LocalExecutor & SequentialExecutor backport-to-v3-1-test Mark PR with this label to backport to v3-1-test branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

JWT tokens appearing in task logs

4 participants

@Eason09053360 @pierrejeambrun @ashb @vatsrahul1001