It’s not possible. You should use vaults/credentials to store sensitive data.
Hi aki,
It IS possible to have your username/password in a playbook, but it is NOT recommended.
- Bianca
Hey again aki, I wanted to expand on my earlier response a bit more.
The hierarchy which Ansible/Tower modules uses to search for login information is as follows [in order of lowest —> highest on the hierarchy]:
/etc/tower/tower_cli.cfg
<user_dir>/.tower_cli.cfg
Any tower_cli.cfg file from / to cwd
Any values specified in the config file pointed to in the modules’ tower_config parameter
Any values specified in the modules’ tower_* parameters (username/password/host/etc)
You can set env vars for the playbook to use via the UI (see link below for where you can do that):
https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#ansible-tower
… or via API, by POSTing something like this (with appropriate info inserted, and either ‘user’, ‘team’, or ‘organization’ where “user” is listed in the example below) at the api/v2/credentials/ endpoint:
{
“name”: “XYZ”,
“description”: “for testing”,
“organization”: null,
“credential_type”: 16,
“inputs”: {
“host”: “[desired host address]”,
“password”: “[password]”,
“username”: “[username”,
“verify_ssl”: false
}
}
(Note that “credential_type”: 16 makes this a Tower credential)
After you do this, the playbook can pull in the env vars via something like the below: