dheerajturaga commented on PR #62843: URL: https://github.com/apache/airflow/pull/62843#issuecomment-4007975548
> > > Thanks for the PR @dheerajturaga I don't thinks this should be default. It is because when something print to console, there is a possibility of Security tools caught the token from running CLIs and can be counted as token leak in this case and should be invalidated. > > > Maybe we can have --debug-token and also add description please don't use it in production environments only local for debugging > > > > > > @bugraoz93, what do you think about the following implementation > > **default behavior:** Write token to `$AIRFLOW_HOME/airflow_cli_token` (ensure the file has permissions 600) > > **Token file input:** if token file can be provided as input aswell `--token_file` and it would write it there. > > **stdout:** if `--print-to-stdout` then we can print the token to stdout > > AIRFLOW_CLI_DEBUG_MODE should cover this case for file and token should be readable :) > > https://github.com/apache/airflow/blob/7a8a1c3cb896ee66bb144ad28a2918ac9610492b/airflow-ctl/src/airflowctl/api/client.py#L176 @bugraoz93, in that case just add an additional option `--debug-token` to print to the screen? That also is fine and will simplify the implementation -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
