I’m trying to create a Template job to change an user password.
The template job asks the user for a new password and this is sued on the playbook as new_password.
I believe the password is passed to the Playbook encrypted and that is necessary to decrypt to use correctly on the user module.
Is this right? How is it done?
It’s not passed encrypted. We encrypt it in the database and obscure it in the API endpoints. You can use ansibles debug module to print it out and see for yourself.
Actually i have debug level set on the job log…
The thing is that the job does not fail, but when i try to login using the new credentials the password is not accepted.
The Log do not show the password, only states:
“password”: “VALUE_SPECIFIED_IN_NO_LOG_PARAMETER”,
“password”: “NOT_LOGGING_PASSWORD”,
Also, I remember reading as a bug that the password was accesible on the log. Perhaps the behaviur has changed.
This is my playbook.