SibtainOcn commented on PR #62964: URL: https://github.com/apache/airflow/pull/62964#issuecomment-4008037924
Thanks for the review @kaxil! I considered the `SecretStr` approach from @zach-overflow's suggestion on #62782. The tradeoff: **`SecretStr`** changes the field type from `str` to `SecretStr`, which means every call site that reads `workload.token` (there are 6 — including Python executors, the Go SDK, and edge providers) would need to change to `workload.token.get_secret_value()`. It also affects JSON serialization behavior. **`Field(repr=False)`** achieves the same repr-redaction goal with zero breaking changes — the token stays a plain `str`, all existing code continues working, and it's excluded from `__repr__` output (which is where the log leak occurs). That said, if you prefer `SecretStr` for stronger guarantees (it also redacts in `.model_dump()`), I'm happy to update and adjust the downstream call sites. Just let me know which direction you'd like! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
