papermill icon indicating copy to clipboard operation
papermill copied to clipboard
verified publisher icon nteract

Add function to suppress parameter output of sensitive information

Open yacchin1205 opened this issue 10 months ago • 0 comments

What does this PR do?

Fixes #706 - I believe it would be good if secret information contained in the parameters was masked with a string like ******.

Obfuscation of sensitive parameters

By applying this pull request, papermill will obfuscate the value stored in the injected-parameters cell and notebook metadata for parameters that contain strings like token and secret. I have not implemented obfuscation of these parameters in the output cell because it is not simple to do so and I assume it would have a significant impact. For security reasons, I considered that it would be better to enable obfuscation by default. So I added the option --no-obfuscate-sensitive-parameters to turn it off.

In addition, the parameters that should be marked as sensitive are listed in papermill.utils.SENSITIVE_PARAMETER_PATTERNS. The --sensitive-parameter-patterns option can be used to customize the list.

yacchin1205 avatar Mar 03 '25 10:03 yacchin1205