Skip to content

Add function to suppress parameter output of sensitive information #817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add function to suppress parameter output of sensitive information #817

wants to merge 2 commits into from

Conversation

@yacchin1205
Copy link

@yacchin1205 yacchin1205 commented Mar 3, 2025
edited
Loading

What does this PR do?

Fixes #706 - I believe it would be good if secret information contained in the parameters was masked with a string like ******.

Obfuscation of sensitive parameters

By applying this pull request, papermill will obfuscate the value stored in the injected-parameters cell and notebook metadata for parameters that contain strings like token and secret. I have not implemented obfuscation of these parameters in the output cell because it is not simple to do so and I assume it would have a significant impact.
For security reasons, I considered that it would be better to enable obfuscation by default. So I added the option --no-obfuscate-sensitive-parameters to turn it off.

In addition, the parameters that should be marked as sensitive are listed in papermill.utils.SENSITIVE_PARAMETER_PATTERNS. The --sensitive-parameter-patterns option can be used to customize the list.
@yacchin1205 yacchin1205 marked this pull request as ready for review March 3, 2025 12:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant

@yacchin1205