Is sensitive data written to disk on the remote side?


Diego Morales

Sep 12, 2014, 3:03:11 PM
to ansible...@googlegroups.com
Hello all,

I don't wanna sound like a security paranoid-freak (which I am not), but I wonder:

I read in the docs that ansible copies modules to the remote machine, does its magic, and removes them before finishing. Does it copy/remove playbooks and vars files (potentially containing sensitive data about *other hosts*) as well? Does ansible vault make a difference for that matter?

Thanks in advance!

Michael DeHaan

Sep 12, 2014, 4:00:35 PM
to ansible...@googlegroups.com
First off, playbooks on the working tree never get transferred to the remote side.

What is happening with the modules is that it transfers the module, and the rm command to clean it up gets sent along right with the command to execute the module.

There's also the "no_log" attribute to suppress remote syslog (and in 1.8, also local output).

Vault encrypts files on the control machine but does not affect what happens on the remotes.

(In the future, I'd like to see Runner refactorings ship JSON as stdin versus in the module data, which is likely to happen soonish and won't require any module source code changes)




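The "no_log" attribute and the Vault behaviour described in the reply above, shown as an added example that is not part of the original thread. The host group `appservers`, the file `secrets.yml` and the variable `deploy_password_hash` are hypothetical names chosen for illustration.

```yaml
---
# Example playbook (constructed for illustration).
# secrets.yml is assumed to be encrypted with ansible-vault on the control
# machine. Vault only protects the file at rest there: the value is decrypted
# at run time and handed to the module as an ordinary argument.
- hosts: appservers
  vars_files:
    - secrets.yml            # hypothetical vault-encrypted vars file

  tasks:
    # Weak: without no_log, the module's arguments (including the secret)
    # are subject to the normal logging on the remote side.
    - name: create deploy user (arguments are logged)
      user:
        name: deploy
        password: "{{ deploy_password_hash }}"

    # Hardened: no_log suppresses the remote syslog entry for this task
    # (and, per the reply above, local output as well from 1.8 on).
    - name: create deploy user (arguments not logged)
      user:
        name: deploy
        password: "{{ deploy_password_hash }}"
      no_log: True
```

Only the variables a task actually references reach the remote host as module arguments; the playbook and `secrets.yml` themselves stay on the control machine.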