Just starting to use Ansible but wouldn't this be better solved using a separate ssh key for prod systems that requires a password that only authorized personnel have access to and loading that key into ssh agent before running plays? Depending on your naming scheme, you may even be able to specify production hosts via wildcard in the ~/.ssh/config file. This not only limits the ability to push to production but adds additional security.
Note: Ansible's user module can be used to push out new ssh authorized keys. Apologies if this solution is off the mark but my background is in information security.
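A sketch of the `~/.ssh/config` arrangement suggested in the message above, as an added example that is not part of the original post. The `prod-*` host pattern and the key file name `id_ed25519_prod` are assumptions standing in for whatever the site's naming scheme is.

```sshconfig
# ~/.ssh/config (added example; host pattern and key path are assumed)

# Production hosts, matched by naming-scheme wildcard.
Host prod-*
    # Passphrase-protected key held only by authorized personnel.
    IdentityFile ~/.ssh/id_ed25519_prod
    # Offer only the key named above, even if the agent holds others,
    # so a non-production key is never tried against production.
    IdentitiesOnly yes
    # Do not silently cache the production key in the agent on first use;
    # loading it stays a deliberate step (see the ssh-add command below).
    AddKeysToAgent no
    # Do not expose the agent holding the production key to remote hosts.
    ForwardAgent no

# Before running plays against production, load the key with a lifetime
# so it drops out of the agent on its own:
#   ssh-add -t 3600 ~/.ssh/id_ed25519_prod
# When finished, remove it explicitly:
#   ssh-add -d ~/.ssh/id_ed25519_prod
```

If the key is not loaded in the agent, ssh falls back to reading the key file and needs the passphrase, so a play against `prod-*` cannot authenticate with this key without someone who knows it.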
