[v2-10-test] docs: clarify which fields are masked in the UI (#45417) (#45418)

The word 'contains' was used slightly confusingly here: it was meant to mean
'the name field contains any of these strings', but you could also read it as
'the name itself contains any of these strings'. This removes any
ambiguity.
(cherry picked from commit f03b1d4)

Co-authored-by: Arnout Engelen <[email protected]>

Author: github-actions[bot]

docs/apache-airflow/security/secrets/mask-sensitive-values.rst

@@ -39,9 +39,9 @@ When masking is enabled, Airflow will always mask the password field of every Co
 task.
 
 It will also mask the value of a Variable, rendered template dictionaries, XCom dictionaries or the
-field of a Connection's extra JSON blob if the name contains
-any words in ('access_token', 'api_key', 'apikey', 'authorization', 'passphrase', 'passwd',
-'password', 'private_key', 'secret', 'token'). This list can also be extended:
+field of a Connection's extra JSON blob if the name is in the list of known-sensitive fields (i.e. 'access_token',
+'api_key', 'apikey', 'authorization', 'passphrase', 'passwd', 'password', 'private_key', 'secret' or 'token').
+This list can also be extended:
 
 .. code-block:: ini