How to avoid the explicit use of 'no_log: True' parameter in playbook tasks which have sensitive values
Issue
When the variable 'display_args_to_stdout' is set to True (display_args_to_stdout = True) in any project' s ansible.cfg file and it is run by Tower in conjunction with a playbook that has 'strategy: free', it will cause the playbook to display its task's arguments in plain text (including sensitive data such as password). One way to solve this is to set no_log: True at the task level. However, the drawback here is that the no_log attribute does not prevent data (including sensitive) from being shown when debugging Ansible itself via the ANSIBLE_DEBUG environment variable.
Environment
Ansible Tower by Red Hat 3.3.3
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.