From f03b1d4d996cf2b3f62c21f8c6a38aa53ba1e3be Mon Sep 17 00:00:00 2001 From: Arnout Engelen Date: Mon, 6 Jan 2025 10:19:11 +0100 Subject: [PATCH] docs: clarify which fields are masked in the UI (#45417) The word 'contains' was used slightly confusingly here: it was meant to mean 'the name field contains any of these strings', but you could also read it as 'the name itself contains any of these strings'. This removes any ambiguity. --- .../security/secrets/mask-sensitive-values.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/apache-airflow/security/secrets/mask-sensitive-values.rst b/docs/apache-airflow/security/secrets/mask-sensitive-values.rst index 1c3974a3ff856..a66900f3dcdad 100644 --- a/docs/apache-airflow/security/secrets/mask-sensitive-values.rst +++ b/docs/apache-airflow/security/secrets/mask-sensitive-values.rst @@ -39,9 +39,9 @@ When masking is enabled, Airflow will always mask the password field of every Co task. It will also mask the value of a Variable, rendered template dictionaries, XCom dictionaries or the -field of a Connection's extra JSON blob if the name contains -any words in ('access_token', 'api_key', 'apikey', 'authorization', 'passphrase', 'passwd', -'password', 'private_key', 'secret', 'token'). This list can also be extended: +field of a Connection's extra JSON blob if the name is in the list of known-sensitive fields (i.e. 'access_token', +'api_key', 'apikey', 'authorization', 'passphrase', 'passwd', 'password', 'private_key', 'secret' or 'token'). +This list can also be extended: .. code-block:: ini