Hi everyone,
We use a credential of type VMware vcenter (10. Credentials — Ansible AWX community documentation) in an AWX job template. The credential information (host, username, password) is transferred to the playbook as ENV variables.
However, the started automation-job pod writes these ENV variables to stdout at startup. And since stdout comes from pods to Graylog, sensitive information is leaked.
Is there a way to suppress the writing of ENV vars in AWX, EE or ansible-runner?
{"status": "starting", "runner_ident": "10091", "command": ["ssh-agent", "sh", "-c", "trap 'rm -f /runner/artifacts/10091/ssh_key_data' EXIT && ssh-add /runner/artifacts/10091/ssh_key_data && rm -f /runner/artifacts/10091/ssh_key_data && ansible-playbook -u **** -e @/runner/env/tmp_wou1p52 -i /runner/inventory/hosts -e @/runner/env/extravars playbook.yaml"], "env": { [...]"VMWARE_PASSWORD": "password-in-clear-text", }[...]}
Thanks!