Variables containing passwords - Filtering

Hello,
I would like to share a feature idea: how about filtering passwords defined in variables in a way that they are never put through output or red/blue logs?

It seems that at this time is filtered only output where “password=something”, “login_password=something” or patterns like “user:pass@foo/whatever” are found. By the way, also these features seem to not work properly.

Another solution could be to enable “no_log=True” parameter but only few modules seem to support it.

Thanks in advance.

This has been discussed about 5 times over the last 3 days :slight_smile:

Yes, we would like to enable the “no_log: True” attribute on a task to alter the way the callback outputs data. (or rather, the info passed to the callback should be trimmed in that case)

Right now no_log: True is controlling remote syslog, the proposal is to make it also control the data passed to callbacks.