Editing connection with sensitive extra field saves literal asterisks #52301
Description
Apache Airflow version
3.0.2 (actually 3.0.0+astro.2)
If "Other Airflow 2 version" selected, which one?
No response
What happened?
If an connection has an extra field with a name like "token" or other sensitive keyword, its value gets masked as "" when displayed. If you edit and save the connection (with or without any actual changes to any field), the extra field will get updated to a literal "".
What you think should happen instead?
Extra fields which are deemed sensitive should retain their original values when saving, if unmodified.
How to reproduce
- In the Airflow UI, add a new connection with any type, e.g. "http".
- In the "Extra Fields JSON" section, add a sensitive key/value pair such as
{"token": "abcde"}. - Save the connection.
- Confirm the value saved correctly in an unobfuscated way - for example
airflow connections export .... - Click to edit the connection. Note that the value for "token" in Extra Fields renders as "***".
- Save.
- Repeat step 4 and note that the value is now the literal "***".
Operating System
Debian GNU/Linux 12 (bookworm)
Versions of Apache Airflow Providers
apache-airflow-providers-http==5.3.0
apache-airflow-providers-standard==1.0.0
Deployment
Docker-Compose
Deployment details
Happens in Astronomer, as well as locally.
Anything else?
Happens always
Are you willing to submit PR?
- Yes I am willing to submit a PR!
Code of Conduct
- I agree to follow this project's Code of Conduct