  1. Product Technical Learning
  2. PTL-5268

RH294-162: When using ansible-vault, secrets can be exposed in output.


    • Story
    • Resolution: Done
    • Major
    • AU294 - RHAAP2.X NEXT
    • RH294 - RHEL9.0-en-1-20221012, RH294 - RHEL 8.4 1 20210818, RH294 - RHEL 8 1 20190531
    • RH294
    • None
    • 3
    • en-US (English)

      URL:
      Reporter RHNID:
      Section: -
      Language: en-US (English)
      Workaround:

      Description: Secrets can be exposed in the output for multiple reasons (such as adjusting verbosity, logging to a file, ...).
      The way to deal with that problem is to tell students to use no_log: true in such situations.
      I suggest just copying and pasting from https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook

      If you have a task that you don’t want to show the results or command given to it when using -v (verbose) mode, the following task or playbook attribute can be useful:

          - name: secret task
            shell: /usr/bin/do_something --value={{ secret_value }}
            no_log: True

      and include the link.

              glsbugs-automation@redhat.com PTL - Ansible Team
              dpuchalak Dariusz Puchalak (Inactive)
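
Added example (not part of the original report or the Ansible FAQ): the no_log attribute described above, applied to a looped task that reads vaulted data, with the exposing form beside the censored one. The file secret.yml, the new_users variable and its name/pw keys are assumptions for illustration.

```yaml
---
# secret.yml is an assumed ansible-vault encrypted file that defines
# (constructed sample data):
#   new_users:
#     - { name: alice, pw: "<placeholder>" }
#     - { name: bob,   pw: "<placeholder>" }
- name: Create users from vaulted data
  hosts: all
  become: true
  vars_files:
    - secret.yml

  tasks:
    # Exposing form: the default output prints each loop item, so every
    # pw value reaches the terminal, and the log file when log_path is
    # set, even without -v.
    - name: Create users (loop items are printed)
      ansible.builtin.user:
        name: "{{ item.name }}"
        password: "{{ item.pw | password_hash('sha512') }}"
      loop: "{{ new_users }}"

    # Censored form: no_log hides the loop items and the task result,
    # including under -v. Keep only this task in a real playbook.
    - name: Create users (output censored)
      ansible.builtin.user:
        name: "{{ item.name }}"
        password: "{{ item.pw | password_hash('sha512') }}"
      loop: "{{ new_users }}"
      no_log: true
```

The same FAQ entry notes that no_log can also be set on a whole play, and that it does not hide data when Ansible itself is debugged through the ANSIBLE_DEBUG environment variable.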