Variables containing passwords - Filtering

[Simone Bovi]

Hello,

I would like to share a feature idea: how about filtering passwords defined in variables in a way that they are never put through output or red/blue logs?

It seems that at this time is filtered only output where "password=something", "login_password=something" or patterns like "user:pass@foo/whatever" are found. By the way, also these features seem to not work properly.

Another solution could be to enable "no_log=True" parameter but only few modules seem to support it.

Thanks in advance.

[Michael DeHaan]

This has been discussed about 5 times over the last 3 days :)

Yes, we would like to enable the "no_log: True" attribute on a task to alter the way the callback outputs data.  (or rather, the info passed to the callback should be trimmed in that case)

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5f05ebc8-b89c-467f-af29-9efa78ca553d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Michael DeHaan]

Right now no_log: True is controlling remote syslog, the proposal is to make it also control the data passed to callbacks.