Connection sanitization
excelminer sanitizes common credential keys in connection strings before storing them in graph attributes.
Sanitized values are replaced with "***" and stored in connection.attrs.connection_kv.
Sensitive data handling
What is stored
- Workbook metadata + formula text.
- Power Query M code when present.
- Connection strings (sanitized + raw).
Recommended practices
- Disable connections with
include_connections=Falseif not needed. - Redact
connection.attrs.rawbefore sharing. - Treat output JSON as sensitive by default.
COM automation notes
Excel COM automation starts a real Excel instance in the background. Even in read-only mode, enterprise environments can show prompts or enforce add-ins/policies. Use isolated environments when processing sensitive workbooks.