take the auth configuration and replace all values for allowed sensitive keys with masked versions
validate the deep copy where sensitive values are replaced
Assumption:
Authentication objects that are not dictionaries are expected not to print their sensitive values when __str__() is called.
Complexity:
The auth configuration allows both config dictionaries and specific classes. Thus, we need to do runtime type checks.
implementing polymorphic dispatch, e.g. auth_config.mask_secrets() for dicts that are also callable (HttpBasicAuth, BearerTokenAuth, APIKeyAuth) requires an update in the dlt core library. See implementation here: https://github.com/dlt-hub/dlt/issues/1474
Tell us what you do here
fixing a bug (please link a relevant bug report)
Short description
The masking of secrets works as follows:
authconfiguration and replace all values for allowed sensitive keys with masked versionsAssumption: Authentication objects that are not dictionaries are expected not to print their sensitive values when
__str__()is called.Complexity:
auth_config.mask_secrets()for dicts that are also callable (HttpBasicAuth, BearerTokenAuth, APIKeyAuth) requires an update in the dlt core library. See implementation here: https://github.com/dlt-hub/dlt/issues/1474Related Issues