3

In one of my Ansible Playbooks, I use the vmware_guest module to create VMs on vCenter Server. When I run the Playbook on Ansible Tower using a job template and check the host events, I see the password in plain text

enter image description here

I didn't provide the password in plain text in the Playbook. In fact, it is stored in the 'Credentials' section of Ansible Tower where it is shown to be encrypted. The Job template is set to use this credential under 'Cloud Credentials'.

enter image description here

How can I avoid the password from being shown in the host events?

U880D
  • 8,601
  • 6
  • 24
  • 40
Chethan S.
  • 558
  • 2
  • 8
  • 28
  • 2
    Try to enter "no_log: true" We include_vars: with no_log: true. That hides them. – older coder Jan 26 '18 at 19:23
  • This is the approach even I ended up using after approaching Ansible Support. However, the concern is anyone can simply remove those lines. :( – Chethan S. Jan 29 '18 at 08:01
  • I believe the best way to learn is by answering questions on stackoverflow. So I apologize for my ignorance. What about Ansible Vault? I looking into it right now and I think it may help. – Michael Ababio Jul 20 '18 at 15:25
  • 1
    @ChethanS. It looks like you created a github issue for this awhile back. Were you able to get a resolution? https://github.com/ansible/ansible/issues/16811 – Michael Ababio Jul 20 '18 at 15:40

1 Answers1

0

It might be possible for you to Protecting sensitive data with no_log or some of hints under How can I stop Ansible from writing passwords to the logfiles?

U880D
  • 8,601
  • 6
  • 24
  • 40