I have a password I need to have on a delegate_to task, but I don’t really want it passed to the other hosts. Is there a way to do this?
I’ve tried setting the variable in a group_vars for the machine the task is delegated to, but it doesn’t load those variables, just the ones for the current host.
I can’t think of how to use the vars: option on the task itself without having another variable that would be passed on to the host.
Variables in Ansible is always referencing the current host, delegate_to doesn't change that.
To get variables from other host you need to use hostvars['<inventory hostname of the host>']
So Kai answered your question, but I think I should clarify something
else i see as a misconception.
Hosts don't get variables passed to them, ONLY the values assigned to
the modules executed on the host get pushed, so defining data for a
host does not mean that data ever makes it to the host.
Templating always happens on the controller (otherwise we would
require jinja2 and other things on the targets) and then ONLY the data
assigned to the specific task (module options) get passed with the
code of the module for execution on that host.