-
Feature Request
-
Resolution: Duplicate
-
Major
-
None
-
2.4, 2.5
-
False
-
-
False
- What is the nature and description of the request?
We urgently need a solution to safeguard sensitive variables from being displayed in the output of our Ansible playbook executions. Despite employing the no_log setting on tasks containing these variables, our developers can easily expose them using debug statements. - Why does the customer need this? (List the business requirements here)
- This enhancement is vital due to the inherent security risks associated with exposing sensitive data, which can be easily accessed by developers, potentially compromising the integrity of our systems.
- Enhanced security: It's imperative to prevent the inadvertent exposure of critical variables, including authentication credentials.
- Accessibility: We need a solution that empowers solution admins to efficiently manage this security layer.
- How would you like to achieve this? (List the functional requirements here)
To address this, we propose introducing an environment variable (e.g., ANSIBLE_PROTECTED_VARIABLES) to specify which variables should be redacted. Furthermore, adapting the AWX_DISPLAY.py stdout callback to utilize this environment variable list for replacing variable values with a predefined string (e.g., "REDACTED") will provide solution admins with the necessary tools to manage sensitive data exposure efficiently.
- duplicates
-
-
- Backlog
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- is related to
-
-
- Backlog
-
