implements secret masking for auth helpers

[willi-mueller]

Description

Related Issues

Follow-up to #1474

Additional Context

[netlify]

✅ Deploy Preview for dlt-hub-docs ready!

Name	Link
🔨 Latest commit	e9fcc38
🔍 Latest deploy log	https://app.netlify.com/sites/dlt-hub-docs/deploys/66a79141cf66830008eb69ee
😎 Deploy Preview	https://deploy-preview-1643--dlt-hub-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[sh-rp]

I know this is not ready for review yet, but I think a better approach would be to use introspection to find the parts of a config that are secrets (they will be annotated as secrets) and then mask those. Another thing we could potentially do is to save all secrets that were retrieved from any of the providers in a list somewhere and just clean all log messages with regexes, this might be a bit slow though..

So in short: Some implementation where we do not need to take care of every individual secret in any config would be good.

[willi-mueller]

I know this is not ready for review yet, but I think a better approach would be to use introspection to find the parts of a config that are secrets (they will be annotated as secrets) and then mask those. Another thing we could potentially do is to save all secrets that were retrieved from any of the providers in a list somewhere and just clean all log messages with regexes, this might be a bit slow though..

So in short: Some implementation where we do not need to take care of every individual secret in any config would be good.

Thank you, that's helpful!

We have this PR for review where we mask the sensitive fields of known classes and config values: dlt-hub/verified-sources#542. Is this better?

[sh-rp]

@sh-rp we need to make sure no secrets leak on validation and no secrets leak when calling __str__ on a ConfigurationObject.

[sh-rp]

closing in favor of this implementation: #2027