Suppressing ansible logging for a specific action

Ansible’s logging to the system log is pretty sweet.

However, there are occasions when I’d like to repress it for security concerns.

Specifically, when using the file module and the contents flag, whatever “contents” is set to, will show up in the syslog in plain text.

For example, when copying an ssl private key to a machine, you’d see:

Aug 4 10:55:22 HOST ansible-file: Invoked with src=tmp6Ezoy8 directory_mode=None force=False remote_src=None dest=/etc/apache2/ssl/wildcard.xes-mad.com.key selevel=None serole=None seuser=None recurse=False delimiter=None group=root content=-----BEGIN RSA PRIVATE KEY-----#012manually#012hidden#012for#012demonstration#012purposes#012-----END RSA PRIVATE KEY-----#012 state=None original_basename=tmp6Ezoy8 diff_pee

So having another flag for either this module specifically or for modules in general to suppress syslog output would be great.

The alternative is to write a temporary file and copy that over. This is not excessively unreasonable, but also just not my first choice.

This is the “no_log: True” feature already a part of Ansible.

  • shell: command # or any other module usage
    no_log: True

This is exactly what I was looking for; sorry, I didn’t see it on my own!

Thanks,