Variables containing passwords - Filtering

Simone_Bovi · July 16, 2014, 8:02am

Hello,
I would like to share a feature idea: how about filtering passwords defined in variables in a way that they are never put through output or red/blue logs?

It seems that at this time is filtered only output where “password=something”, “login_password=something” or patterns like “user:pass@foo/whatever” are found. By the way, also these features seem to not work properly.

Another solution could be to enable “no_log=True” parameter but only few modules seem to support it.

Thanks in advance.

Michael_DeHaan1 · July 17, 2014, 12:28pm

This has been discussed about 5 times over the last 3 days

Yes, we would like to enable the “no_log: True” attribute on a task to alter the way the callback outputs data. (or rather, the info passed to the callback should be trimmed in that case)

Michael_DeHaan1 · July 17, 2014, 12:28pm

Right now no_log: True is controlling remote syslog, the proposal is to make it also control the data passed to callbacks.

Topic		Replies	Views
1.8 update news: By popular demand, no_log True has increased censorship Ansible Project	0	0	August 12, 2014
Suppressing secrets in Ansible console output Ansible Developer	0	3	March 21, 2023
no_log doesn't prevent logging Ansible Project	0	0	August 14, 2015
Remove task loop item from output (again) Ansible Project	2	2	July 15, 2014
ansible_failed_task logs private variables Ansible Developer vmware	1	0	June 13, 2023

Variables containing passwords - Filtering

Related topics