Potentially, as far as I can tell the workaround does nothing to stop a plaintext log of the password in memory. You might also consider using Ansible Vault, and the ansible_become_password variable. This seems more in line with what you need/want. It even allows for using different passwords at various points by changing the variable with set.
https://eengstrom.github.io/musings/ansible-sudo-var

On Thu, Feb 22, 2024 at 7:28 AM Dick Visser <[email protected]> wrote:

> On Wed, 21 Feb 2024 at 20:53, Evan Hisey <[email protected]> wrote:
>
>> Why not use the "-K" when launching ansible-playbook? That will trigger
>> prompting for the sudo password securely.
>
> Because I don't want to have to remember to use it.
> I have several playbooks, some of them require -K and some of them do not.
> I think it should be possible to express that requirement with some
> parameter, so that I don't have to remember it.
>
> Is the above workaround less secure than doing -K on the command line?
>
> thx
>
> Dick
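
Added example, not part of the original thread: a sketch of the Ansible Vault plus `ansible_become_password` approach suggested in the reply, including a mid-play password change via `set_fact`. The file paths, inventory groups (`web`, `db`) and the `vault_*` variable names are assumptions made for illustration.

```yaml
# vault/become.yml (hypothetical path); create with `ansible-vault create vault/become.yml`.
# Decrypted content, shown here as comments only; the file on disk stays encrypted:
#   vault_become_password: "<sudo password for the web hosts>"
#   vault_db_become_password: "<sudo password for the db hosts>"

# site.yml (hypothetical playbook)
- name: Play that always needs sudo, without passing -K
  hosts: web                      # hypothetical inventory group
  become: true
  vars_files:
    - vault/become.yml
  vars:
    ansible_become_password: "{{ vault_become_password }}"
  tasks:
    - name: Privileged task
      ansible.builtin.command: whoami
      changed_when: false

- name: Play that sets a different sudo password part-way through
  hosts: db                       # hypothetical inventory group
  vars_files:
    - vault/become.yml
  tasks:
    - name: Unprivileged task, no become password needed
      ansible.builtin.ping:

    - name: Set the become password for the remaining tasks
      ansible.builtin.set_fact:
        ansible_become_password: "{{ vault_db_become_password }}"
      no_log: true                # keep the value out of task output and logs

    - name: Privileged task
      ansible.builtin.command: whoami
      become: true
      changed_when: false
```

Run it with `ansible-playbook site.yml --ask-vault-pass`, or set `vault_password_file` in `ansible.cfg` so that no extra flag has to be remembered per playbook.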
