def test_masking_from_db(self): """Test secrets are masked when loaded directly from the DB""" from airflow.settings import Session session = Session() try: conn = Connection( conn_id=f"test-{os.getpid()}", conn_type="http", password="******", extra='{"apikey":"masked too"}', ) session.add(conn) session.flush() # Make sure we re-load it, not just get the cached object back session.expunge(conn) self.mask_secret.reset_mock() from_db = session.query(Connection).get(conn.id) from_db.extra_dejson assert self.mask_secret.mock_calls == [ # We should have called it _again_ when loading from the DB mock.call("s3cr3t"), mock.call({"apikey": "masked too"}), ] finally: session.rollback()