Using raw passwords with ansible_password directly in playbooks deprecated?

34 views
Skip to first unread message

Matt Miller

unread,
Oct 30, 2020, 12:14:12 PM10/30/20
to Ansible Project
The reasoning behind not revealing username/passwords directly in playbooks is obvious and speaks for itself.

However, I am calling playbooks from an application that includes credential security/management, and provides credentials at runtime.

For this reason, including ansible_user/ansible_password directly in our playbook invocations works well.

My question ...

I seem to recall seeing something about this method of providing credentials has been tagged as deprecated, but now I can't find where it says so.  Is this method being deprecated, or am i mis-recollecting?

Thanks,
Matt

James Cassell

unread,
Oct 30, 2020, 12:41:06 PM10/30/20
to Ansible List
You're doing it properly. There is also ansible_ssh_pass, but that's been emphasized less in favor of the ansible_password transport-agnostic version.

V/r,
James Cassell

Matt Miller

unread,
Oct 30, 2020, 1:18:30 PM10/30/20
to Ansible Project
Hmmm.  I could of sworn I remembered seeing something to that affect.  Anyway, great to hear.

Thanks James!

Brian Coca

unread,
Nov 3, 2020, 10:49:36 AM11/3/20
to Ansible Project
both generic and specific will work (it is defined by each connection
plugin some even have many variations), just note that the specific
has greater precedence so if you use both with ssh, ansible_ssh_pass
will override ansible_password.



--
----------
Brian Coca

Reply all
Reply to author
Forward
0 new messages