@nhuantho nhuantho commented Dec 28, 2025

closes: 59842

What:

  • When I checked UI, I saw some sensitive values that were not marked

How:

  • Add logic to redact sensitive values


@potiuk
Member

potiuk commented Dec 28, 2025

That's far too much. There are just a few API calls that return potentially sensitive data: config, variables, connections, related export (should be removed)/import (should mention that export can only be done via local CLI) features in UI. Only those are affected - there is absolutely no need to redact all possible Pydantic models. Just checking that APIs and UI displaying it are handling masked data well and that that proper

Member

@jason810496 jason810496 left a comment

> That's far too much. There are just a few API calls that return potentially sensitive data: config, variables, connections, related export (should be removed)/import (should mention that export can only be done via local CLI) features in UI. Only those are affected - there is absolutely no need to redact all possible Pydantic models. Just checking that APIs and UI displaying it are handling masked data well and that that proper

Yes, maybe searching 'connection', 'config' and 'variable' across the api_fastapi directory would be enough. Thanks!

@nhuantho
Contributor Author

@potiuk, @jason810496, I tested connection, config, and variable, so I think I only need to modify logic of API for:

  • image
  • image
  • So, I will commit soon.

@nhuantho nhuantho force-pushed the api/redacted-sensitive-fields branch 3 times, most recently from 84af972 to 41368cd Compare December 29, 2025 18:06
@nhuantho nhuantho requested a review from jason810496 December 29, 2025 18:41
Member

@jason810496 jason810496 left a comment

Thanks for your update!

@nhuantho nhuantho force-pushed the api/redacted-sensitive-fields branch from 41368cd to 009d932 Compare December 30, 2025 16:50
@nhuantho nhuantho requested a review from jason810496 December 30, 2025 18:43
@nhuantho nhuantho force-pushed the api/redacted-sensitive-fields branch from 73e5b19 to 6d4aa1d Compare December 30, 2025 19:21
@abhijeets25012-tech

“I see there is already a PR in progress.
Is there any remaining part or follow-up task I can help with?”

@nhuantho
Contributor Author

nhuantho commented Jan 2, 2026

@abhijeets25012-tech, I think that it is enough for this task.

Member

@jason810496 jason810496 left a comment

> I think that it is enough for this task.

Yes, only the final nit then the PR is good to go.

@nhuantho
Contributor Author

nhuantho commented Jan 2, 2026

@jason810496, I had two tests for this case:

  • input: {"secret_key": "test-secret_key"} -> expected: {"secret_key": "***"} (sensitive data)
  • input: {"extra_fields": "test-extra_fields"} -> expected: {"extra_fields": "test-extra_fields"} (normal data)

-> So I think that it is correct to pass.
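
The two cases above (a sensitive key is masked, a normal key passes through), as an added, self-contained sketch of key-name-based redaction. It is not code from this PR or from Airflow; the keyword list, `MAX_DEPTH`, the helper names and the sample payload are assumptions constructed for illustration, and it goes beyond the comment by covering nested dicts and lists.

```python
from typing import Any

MASK = "***"
# Assumed keyword list for illustration only; not Airflow's configured list.
SENSITIVE_KEYWORDS = frozenset({"password", "secret", "token", "api_key", "private_key"})
MAX_DEPTH = 5  # assumed recursion limit


def is_sensitive_key(name: Any) -> bool:
    """A key is sensitive when its lowercased name contains any keyword."""
    return isinstance(name, str) and any(k in name.lower() for k in SENSITIVE_KEYWORDS)


def mask_all(value: Any) -> Any:
    """Mask every leaf under a sensitive key while keeping the container shape."""
    if isinstance(value, dict):
        return {k: mask_all(v) for k, v in value.items()}
    if isinstance(value, list):
        return [mask_all(v) for v in value]
    if isinstance(value, tuple):
        return tuple(mask_all(v) for v in value)
    return MASK


def redact(value: Any, key: Any = None, depth: int = 0) -> Any:
    """Return a redacted copy of ``value``; the input is never mutated."""
    if key is not None and is_sensitive_key(key):
        return mask_all(value)  # everything stored under a sensitive key is hidden
    if depth > MAX_DEPTH:
        return MASK  # fail closed: mask what was not inspected
    if isinstance(value, dict):
        return {k: redact(v, k, depth + 1) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v, None, depth + 1) for v in value]
    if isinstance(value, tuple):
        return tuple(redact(v, None, depth + 1) for v in value)
    return value


# Constructed sample payload, shaped like a connection "extra" dict.
SAMPLE_EXTRA = {
    "secret_key": "test-secret_key",
    "extra_fields": "test-extra_fields",
    "auth": {"client_secret": "abc", "scopes": ["read", "write"]},
    "endpoints": [{"url": "https://example.invalid", "api_key": "k-123"}],
}

if __name__ == "__main__":
    print(redact(SAMPLE_EXTRA))
```
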

@nhuantho nhuantho requested a review from jason810496 January 2, 2026 15:36
Member

@jason810496 jason810496 left a comment

> input: {"extra_fields": "test-extra_fields"} -> expected: {"extra_fields": "test-extra_fields"} (normal data)

I see, thanks for the clarification.

@nhuantho
Contributor Author

nhuantho commented Jan 4, 2026

Hi @jason810496, @potiuk, this PR (59880) handles not exposing sensitive fields of config via API. So, it is redundant to redact at the ConfigOption model of the API. I can remove the redaction in airflow-core/src/airflow/api_fastapi/core_api/datamodels/config.py. It is the cause of the failed tests.

@nhuantho nhuantho force-pushed the api/redacted-sensitive-fields branch from 1738881 to 40accff Compare January 4, 2026 21:16
@nhuantho nhuantho requested a review from jason810496 January 4, 2026 21:16
Member

@jason810496 jason810496 left a comment

> handles not exposing sensitive fields of config via API. So, it is redundant to redact at ConfigOption model of api. I can remove redact in airflow-core/src/airflow/api_fastapi/core_api/datamodels/config.py. It is the cause of the failed tests

Thanks for sharing the context. If this is the case, then I think the PR is good to go. Thanks!

@potiuk potiuk force-pushed the api/redacted-sensitive-fields branch from ace135b to fea3b36 Compare January 5, 2026 22:03
@potiuk
Member

potiuk commented Jan 5, 2026

I rebased the PR. There was an airflowctl failure, let's see if it was intermittent.

@potiuk potiuk merged commit 4eb6170 into apache:main Jan 5, 2026
126 checks passed
@nhuantho nhuantho deleted the api/redacted-sensitive-fields branch January 6, 2026 01:25
chirodip98 pushed a commit to chirodip98/airflow-contrib that referenced this pull request Jan 9, 2026
…pache#59873)

* Marked sensitive value in config API

* Ignore tuple type

* Marked sensitive value in Connection UI API

* Fix mypy

* Fix ruff check

* fix redact_value of ConfigOption

* Fix mypy

* Add a test with dict value include sensitive and normal fields

* Fix logic after pr 59880

* Remove print in test_connections.py

---------

Co-authored-by: nhuan.bc <[email protected]>
Co-authored-by: Jason(Zhe-You) Liu <[email protected]>
stegololz pushed a commit to stegololz/airflow that referenced this pull request Jan 9, 2026
…pache#59873)
Labels

area:API Airflow's REST/HTTP API

Development

Successfully merging this pull request may close these issues.

Remove config access for sensitive data from API /UI