In AWX/Tower, credentials provided to a job template are injected as temporary extra vars files, with paths like:
/tmp/bwrap_<id>_<random>/awx_<id>_<random>/tmp<random>
These files are recorded by ARA:
I tested configurations of the ARA client to try to exclude them, using the ignored_files parameter, among others, without success. Is there a known working pattern or an option I overlook to exclude only these temporary credential extra vars files from being recorded by ARA, while still retaining other non-sensitive extra vars?
(I must say: I know
it’s still an AWX/Tower 3.8.5 here, but unfortunately that’s how it is… I hope it won’t be for much longer!)
Thank you for your help!

