Excluding AWX/Tower Temporary Credential Extra Vars Files from ARA Recording

orx57 · February 20, 2026, 4:12pm

In AWX/Tower, credentials provided to a job template are injected as temporary extra vars files, with paths like:

/tmp/bwrap_<id>_<random>/awx_<id>_<random>/tmp<random>

These files are recorded by ARA:

I tested configurations of the ARA client to try to exclude them, using the ignored_files parameter, among others, without success. Is there a known working pattern or an option I overlook to exclude only these temporary credential extra vars files from being recorded by ARA, while still retaining other non-sensitive extra vars?

(I must say: I know it’s still an AWX/Tower 3.8.5 here, but unfortunately that’s how it is… I hope it won’t be for much longer!)

Thank you for your help!

rfc2549 · February 21, 2026, 1:43am

Hi,

The files included in a pattern provided to ARA_IGNORED_FILES will still be created but they should be empty a bit like this from the integration tests:

That result came from export ARA_IGNORED_FILES=".ansible/tmp,ignored_task_file.yaml".

In the example you provided /tmp/bwrap should work.

Topic		Replies	Views
Logging useful? Get Help awx	17	228	July 19, 2024
how to stop Tower from deleting extra vars in job template when nothing is uncommented AWX Project	0	6	June 24, 2021
Occupying a big space on /tmp in AWX 13.0.0 AWX Project awx	2	12	November 9, 2022
Is it possible to pass extra variables via a file? AWX Project awx	2	278	October 15, 2021
Storing env-specific files in inventories AWX Project awx	1	65	July 3, 2022

Excluding AWX/Tower Temporary Credential Extra Vars Files from ARA Recording

Related topics