Secrets from Airflow configuration are not masked in task logs #63921
Description
Apache Airflow version
3.1.8
If "Other Airflow 3 version" selected, which one?
No response
What happened?
Secrets from Airflow configuration are not masked in task logs if printed with stdlib or structlog.
This has to be culprit:
What you think should happen instead?
Secrets should be masked.
How to reproduce
- Run locally breeze
- Deploy DAG
import datetime from airflow import DAG from airflow.configuration import conf from airflow.providers.standard.operators.python import PythonOperator import structlog structlog_logger = structlog.get_logger() def _print(): for section, key in [ ("webserver", "secret_key"), ("api", "secret_key"), ("api_auth", "jwt_secret"), ]: print("print", section, key, conf.get(section, key, fallback=None)) structlog_logger.info("structlog " + section + " " + key + " " + conf.get(section, key, fallback="")) with DAG( dag_id="print_secrets", schedule=None, start_date=datetime.datetime(2010, 1, 1), catchup=False, ) as dag: operator = PythonOperator( dag=dag, task_id="task", python_callable=_print, ) - Observe secrets visible in the task logs (Airflow UI)
Example:
Operating System
Linux
Versions of Apache Airflow Providers
No response
Deployment
Docker-Compose
Deployment details
No response
Anything else?
No response
Are you willing to submit PR?
- Yes I am willing to submit a PR!
Code of Conduct
- I agree to follow this project's Code of Conduct