apache/airflow

Update Security model documentation to explain our approach for sensitive data exposure over API

Open

#59839 opened on Dec 27, 2025

View on GitHub
 (8 comments) (0 reactions) (0 assignees)Python (44,809 stars) (16,781 forks)batch import
good first issuekind:documentation

Description

Body

We should update the security model to explain the policy around exposing the sensitive data.

Committer

  • I acknowledge that I am a maintainer/committer of the Apache Airflow project.

Contributor guide

Tech stack
pythonrest api
Domain
documentationsecurity
Issue type
documentation
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-2 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
active
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Knowledge of Airflow security modelUnderstanding of REST APIs
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
60
Research direction
Examine the current security model documentation in the Airflow repository. Identify sections related to API sensitive data exposure. Review comments in the issue for specific guidance from maintainers. Propose updates to clarify the policy on exposing sensitive data via API.