How to avoid the explicit use of 'no_log: True' parameter in playbook tasks which have sensitive values

Solution Unverified - Updated -

Issue

When the variable 'display_args_to_stdout' is set to True (display_args_to_stdout = True) in a project's ansible.cfg file and Tower runs that project with a playbook that has 'strategy: free', the playbook displays its tasks' arguments in plain text (including sensitive data such as passwords). One way to solve this is to set no_log: True at the task level. The drawback is that the no_log attribute does not prevent data (including sensitive data) from being shown when debugging Ansible itself via the ANSIBLE_DEBUG environment variable.
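A project can be checked for the combination described above before Tower runs it. The following is an added example, not code from this article or from Ansible: the function names are hypothetical, the sample ansible.cfg and playbook are constructed, and the playbook is read with a line-based heuristic rather than a YAML parser.

```python
import configparser
import re

# Constructed sample inputs (not from the original article).
SAMPLE_CFG = "[defaults]\ndisplay_args_to_stdout = True\n"
SAMPLE_PLAYBOOK = """\
- hosts: all
  strategy: free
  tasks:
    - name: set service password
      user:
        name: svc
        password: "{{ svc_password }}"
    - name: register API token
      uri:
        url: https://api.example.invalid/token
        body: "{{ api_token }}"
      no_log: true
"""

TASK_START = re.compile(r"^\s*-\s+name:\s*(.+?)\s*$")
PLAY_START = re.compile(r"^-\s+hosts:")
PLAY_KEY = re.compile(r"^\s*hosts:")
NO_LOG_ON = re.compile(r"^\s*no_log:\s*(true|yes)\s*(#.*)?$", re.I)
FREE = re.compile(r"^\s*strategy:\s*['\"]?free['\"]?\s*(#.*)?$", re.M)

def args_displayed(cfg_text):
    """True if ansible.cfg text enables [defaults] display_args_to_stdout."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    return cp.getboolean("defaults", "display_args_to_stdout", fallback=False)

def tasks_without_no_log(playbook_text):
    """Heuristic line scan: names of '- name:' blocks lacking no_log: true."""
    blocks, current = [], None
    for line in playbook_text.splitlines():
        m = TASK_START.match(line)
        if m:
            current = {"name": m.group(1), "lines": []}
            blocks.append(current)
        elif PLAY_START.match(line):
            current = None  # a new play begins; close the open task
        elif current is not None:
            current["lines"].append(line)
    # Blocks that carry a 'hosts:' key are named plays, not tasks; skip them.
    return [b["name"] for b in blocks
            if not any(PLAY_KEY.match(l) or NO_LOG_ON.match(l) for l in b["lines"])]

def audit(cfg_text, playbook_text):
    """Tasks whose arguments would be printed under the combination above."""
    if not (args_displayed(cfg_text) and FREE.search(playbook_text)):
        return []
    return tasks_without_no_log(playbook_text)
```

A task that passes this check is still subject to the ANSIBLE_DEBUG caveat stated above.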

Environment

Ansible Tower by Red Hat 3.3.3
