apache/airflow

Never expose sensitive config values in UI

Open

#59860 opened on Dec 27, 2025

area:API, area:UI, good first issue

Description

Currently the expose config allows the deployment manager to also expose sensitive data when set to True: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#expose-config. The non-sensitive-only value causes sensitive field masking.

In the discussion mentioned in #59838, we agreed that we should never expose sensitive data over any public API where a UI user can authenticate (only via the task-sdk API, where tasks get a dedicated JWT token).

This means that:

  • Only True/False should be expected for expose-config, and True means that sensitive fields are masked
  • We should add a fallback: when "non-sensitive-data" is set for the parameter, it should be treated as True and a deprecation warning should be raised
  • A newsfragment should be added explaining the behaviour change

Committer

  • I acknowledge that I am a maintainer/committer of the Apache Airflow project.
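
Added example, not Airflow's code and not part of the issue: a sketch of the proposed semantics, where True always masks sensitive fields and the legacy string falls back to True with a deprecation warning. The helper names, the mask string and the sensitive-key set are assumptions made for illustration; both legacy spellings used in the issue text are accepted.

```python
import warnings

# Constructed sample of (section, key) pairs treated as sensitive; not Airflow's real list.
SENSITIVE = {("database", "sql_alchemy_conn"), ("core", "fernet_key")}
# Legacy spellings that appear in the issue text above.
LEGACY_VALUES = {"non-sensitive-only", "non-sensitive-data"}
MASK = "< hidden >"  # assumed placeholder shown instead of a secret


def resolve_expose_config(raw):
    """Return True/False for a raw expose-config setting (hypothetical helper)."""
    value = str(raw).strip().lower()
    if value in LEGACY_VALUES:
        warnings.warn(
            f"expose-config value {raw!r} is deprecated; use True "
            "(sensitive fields are always masked).",
            DeprecationWarning,
            stacklevel=2,
        )
        return True
    if value in ("true", "false"):
        return value == "true"
    raise ValueError(f"expose-config must be True or False, got {raw!r}")


def config_for_ui(config, raw_expose):
    """Build the view served to UI users: nothing, or everything with secrets masked."""
    if not resolve_expose_config(raw_expose):
        return None  # config endpoint disabled
    return {
        section: {
            key: MASK if (section, key) in SENSITIVE else val
            for key, val in options.items()
        }
        for section, options in config.items()
    }


# Constructed sample configuration.
SAMPLE = {
    "core": {"fernet_key": "constructed-key", "parallelism": "32"},
    "database": {"sql_alchemy_conn": "postgresql://user:constructed@db/airflow"},
}

if __name__ == "__main__":
    print(config_for_ui(SAMPLE, "True"))
```

There is deliberately no code path that returns an unmasked sensitive value, so no setting can re-enable exposure to an authenticated UI user.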
