I would recommend setting 'no_log: True' on your task. Then the contents of the items will be suppressed. We do this with 'secrets' and with tasks that loop over data sets that have overly large strings or values.
There is some additional information at: http://docs.ansible.com/faq.html#how-do-i-keep-secret-data-in-my-playbook On Thu, Oct 2, 2014 at 9:42 AM, Josh Smift <[email protected]> wrote: > We want to with_items over a set of variables with private data in them, > like AWS keys. This causes us to get output like > > TASK: [ourtask | template .s3cfg] ************************************ > changed: [host1] => (item={'access_key': 'my-access-id', 'secret_key': > 'my-secret-key', 'name': 'me'}) > changed: [host1] => (item={'access_key': 'your-access-id', 'secret_key': > 'your-secret-key', 'name': 'you'}) > changed: [host2] => (item={'access_key': 'my-access-id', 'secret_key': > 'my-secret-key', 'name': 'me'}) > changed: [host2] => (item={'access_key': 'your-access-id', 'secret_key': > 'your-secret-key', 'name': 'you'}) > > ...except the values (my-secret-key, your-secret-key, etc) are actually > printed there. Is there a way to tell Ansible that these variables are > secret and not to print them? (We're not using Vault, but our own way to > isolate private vars; but http://docs.ansible.com/playbooks_vault.html > didn't seem to imply that this would be different if we were. Although > that could be a cool way to do it, if Ansible keeps track of what > variables were set by files that came from Vault.) > > -Josh ([email protected]) > > > > This email is intended for the person(s) to whom it is addressed and may > contain information that is PRIVILEGED or CONFIDENTIAL. Any unauthorized > use, distribution, copying, or disclosure by any person other than the > addressee(s) is strictly prohibited. If you have received this email in > error, please notify the sender immediately by return email and delete the > message and any attachments from your system. > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/21549.25712.833642.153469%40gargle.gargle.HOWL > . > For more options, visit https://groups.google.com/d/optout. > -- Matt Martz @sivel sivel.net -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD8N0v8dVeB%2B-Ta3xbq3NcC6bj_yf%3D5O04paB3crYwGNE2A49Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
