security guidelines for ansible role creators?

Nusenu1 · February 6, 2016, 1:23pm

Hi,

are there security guidelines for ansible role creators found somewhere
that lists common security pitfalls that one should look at to avoid
things like [1][2] and other such cases?

thanks!

[1]https://github.com/nusenu/ansible-relayor/commit/09f9afe7096395cb95310b8fb454c2b640ed17d9
[2]
https://github.com/nusenu/ansible-relayor/commit/d0a969fabe731e8f20dad074ec772ec12faaab7b#diff-0ab2a3945984f21ca36ce37d625d716cR147

Brian_Coca · February 6, 2016, 4:48pm

None Ansible specific, just follow good security practices you would
with any other systems.
Most of it boils down to validating and sanitizing your inputs and try
to avoid injection by quoting and escaping as the context requires it.
Also try to always use the least privilege needed and disclose as
little information as possible.

Topic		Views
playbook for role creation with best practice in mind Ansible Project	2	October 23, 2013
Hardening guideline for Ansible itself Ansible Project	0	May 24, 2017
things I need to figure out for ansible Ansible Project	0	August 9, 2012
Ansible 1.6.4 update - security release Ansible Project	3	June 25, 2014
Problems with global scoping & lazy template evaluation in playbooks & roles/includes Ansible Project	1	September 25, 2013

security guidelines for ansible role creators?

Related topics