As far as I can see, some modules implement a special
"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" for some attributes, which cause them
to be hidden from output, which is great.
However, I'd like to control this outside of modules. A use case is for
example a playbook doing things:
- name: Get AWS credentials
set_fact:
aws_creds: "{{ lookup('passwordstate', aws_iam_ansible_passwordstate_id) }}"
- name: Grab username and password from creds
set_fact:
aws_access_key: "{{ aws_creds['username'] }}"
aws_secret_key: "{{ aws_creds['password'] }}"
I want to be able to flag parameters as "globally hidden", not just as
module outputs. I know I can use no_log, but that would hide _all_ output
from a step, which makes it hard to troubleshoot stuff (this is what we're
doing today, and having to temporarily turn off the no_log flag when
troubleshooting is a headache.
Is there anyway to (for example) set ansible.cfg to always hide the value
of variables called aws_access_key, regardless of playbook/play/task/role?
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/2f3fa5ff-6c05-4332-b085-de1c13773d14%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
