fix(ingest): mask password in info-level logs (#2835)

metadata-ingestion/README.md

@@ -504,7 +504,7 @@ source:
     options: # options is same as above
       # See https://github.com/mxmzdlv/pybigquery#authentication for details.
       credentials_path: "/path/to/keyfile.json" # optional
-      include_views: True # whether to include views, defaults to True
+    include_views: True # whether to include views, defaults to True
     # table_pattern/schema_pattern is same as above
 ```
 

metadata-ingestion/src/datahub/entrypoints.py

@@ -71,7 +71,7 @@ def ingest(config: str) -> None:
     pipeline_config = load_config_file(config_file)
 
     try:
-        logger.info(f"Using config: {pipeline_config}")
+        logger.debug(f"Using config: {pipeline_config}")
         pipeline = Pipeline.create(pipeline_config)
     except ValidationError as e:
         click.echo(e, err=True)

metadata-ingestion/src/datahub/ingestion/source/sql_common.py

@@ -4,6 +4,7 @@ from dataclasses import dataclass, field
 from typing import Any, Dict, Iterable, List, Optional, Set, Tuple, Type
 from urllib.parse import quote_plus
 
+import pydantic
 from sqlalchemy import create_engine, inspect
 from sqlalchemy.engine.reflection import Inspector
 from sqlalchemy.sql import sqltypes as types
@@ -116,7 +117,7 @@ class SQLAlchemyConfig(ConfigModel):
 
 class BasicSQLAlchemyConfig(SQLAlchemyConfig):
     username: Optional[str] = None
-    password: Optional[str] = None
+    password: Optional[pydantic.SecretStr] = None
     host_port: str
     database: Optional[str] = None
     scheme: str
@@ -125,7 +126,7 @@ class BasicSQLAlchemyConfig(SQLAlchemyConfig):
         return make_sqlalchemy_uri(
             self.scheme,
             self.username,
-            self.password,
+            self.password.get_secret_value() if self.password else None,
             self.host_port,
             self.database,
             uri_opts=uri_opts,