Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hide security-sensitive data from Ansible logs. #436

Merged
merged 1 commit into from
Jul 19, 2023
Merged

Hide security-sensitive data from Ansible logs. #436

merged 1 commit into from
Jul 19, 2023

Conversation

tkyjovsk
Copy link
Contributor

@tkyjovsk tkyjovsk commented Jul 19, 2023
edited
Loading

Security sensitive data like key pairs, IPs, etc. are now hidden from Ansible logs by default.

For debugging purposes these logs can be explicitly enabled by setting the Ansible variable no_log_sensitive to false.

Closes #435

@tkyjovsk tkyjovsk marked this pull request as ready for review July 19, 2023 18:14
@kami619 kami619 self-requested a review July 19, 2023 20:55
kami619
kami619 approved these changes Jul 19, 2023
View reviewed changes
Copy link
Contributor

@kami619 kami619 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing this

It works as expected on my local

TASK [aws_ec2 : Get Ansible Control Host's public IP] ***************************************************************************************************************************************************************************
changed: [localhost] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}

TASK [aws_ec2 : Create Security Group] ******************************************************************************************************************************************************************************************
changed: [localhost] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}

TASK [aws_ec2 : Create Key] *****************************************************************************************************************************************************************************************************
changed: [localhost] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}

TASK [aws_ec2 : Save Private Key on Ansible Control Machine] ********************************************************************************************************************************************************************
changed: [localhost] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true}

@kami619 kami619 merged commit 06642a1 into keycloak:main Jul 19, 2023
1 check passed
@tkyjovsk tkyjovsk deleted the is-435-ec2-key branch March 1, 2024 13:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kami619 kami619 kami619 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ec2 load runners creation ansible playbook outputs private rsa key to the console
2 participants
@tkyjovsk @kami619