This is something I'd be quite interested in as well. All of our private data is stored via ansible-vault, but then it winds up being displayed in plain text as the playbook executes. In a slightly contrived example, I've got an encrypted users.yml file that has user passwords. In my playbook, I pass the variable to the users module as "with_items: users", and wind up seeing all of the passwords, exactly like Thom pasted above.
Certainly the argument can be made that since I knew the vault password, I could go look up that information anyway, but I'm more concerned with someone looking over my shoulder, or the output being somewhere I don't control (Jenkins, for instance). So nothing valuable to add to this discussion, only hoping to see what others have done to work around this!

On Tue, Jun 10, 2014 at 7:46 AM, Nadir Lloret <[email protected]> wrote:

> I was facing some similar problem.
> Mine is just that the dictionary being included in the output has too many
> values that it makes output messy and I would prefer just to include
> dict.key at the item=() output.
>
> It would be really nice to be able to decide if all the item or just a
> part of it is printed to the output.
>
> On Thursday, June 5, 2014 20:15:48 UTC+2, Thom Seddon wrote:
>
>> When you use a loop in an ansible task, e.g. with_items or with_dict, a
>> dump of the item is included in the output. Sometimes these items contain
>> secure information which it is undesirable to have output on screen, for
>> example:
>>
>> ---
>> - name: Test
>>   hosts: 127.0.0.1
>>   vars:
>>     dbs:
>>       prod:
>>         port: 3306
>>         password: secret
>>       dev:
>>         port: 3307
>>         password: notsosecret
>>   tasks:
>>     - command: echo {{ item.value.port }}
>>       with_dict: dbs
>>
>> outputs:
>>
>> [thom@ThomComp test]$ ansible-playbook ansible/test.yml
>>
>> PLAY [Test] *******************************************************************
>>
>> GATHERING FACTS ***************************************************************
>> ok: [127.0.0.1]
>>
>> TASK: [command echo {{item.value.port}}] **************************************
>> changed: [127.0.0.1] => (item={'value': {'password': 'secret', 'port': 3306}, 'key': 'prod'})
>> changed: [127.0.0.1] => (item={'value': {'password': 'notsosecret', 'port': 3307}, 'key': 'dev'})
>>
>> PLAY RECAP ********************************************************************
>> 127.0.0.1 : ok=2 changed=1 unreachable=0 failed=0
>>
>> At best, I think there should be a way to choose what is output (in this
>> case I would choose the dict.key); at least I think there should be a way
>> to suppress this output.
>>
>> Opinions/ideas?
>>
>> Thanks
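
An added example, not part of the original thread: the playbook from the quoted message rewritten with two task keywords that later Ansible releases provide for this problem, `loop_control.label` (choose what is shown per item) and `no_log` (suppress item and result entirely). The `localhost`/`connection: local` target, the task names and the `DB_PASSWORD` variable are assumptions made so the example runs on its own.

```yaml
---
- name: Loop output with and without the secret
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Constructed sample data, same shape as the dict in the thread.
    dbs:
      prod: {port: 3306, password: secret}
      dev: {port: 3307, password: notsosecret}
  tasks:
    # Before: each result line dumps the whole item, password included.
    - name: Leaky loop (behaviour described in the thread)
      command: echo {{ item.value.port }}
      with_dict: "{{ dbs }}"

    # Display fix: the label replaces the item dump with the dict key,
    # so the result line reads (item=prod) / (item=dev).
    - name: Show only the key per item
      command: echo {{ item.value.port }}
      with_dict: "{{ dbs }}"
      loop_control:
        label: "{{ item.key }}"

    # Secret handling: no_log censors the item and the task result,
    # also in verbose runs and in captured CI logs.
    - name: Use the password without logging it
      shell: test -n "$DB_PASSWORD"
      environment:
        DB_PASSWORD: "{{ item.value.password }}"   # hypothetical variable name
      with_dict: "{{ dbs }}"
      no_log: true
```

`label` only changes what the default output displays and is meant for readability; tasks that actually touch secret values should carry `no_log: true`, at the cost of losing result detail when debugging.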
