fix(gpg_secretstore): prevent secret caching

Setting the fact inside the module itself led to secrets being cached
in plain text on the ansible controller. Apparently, there is no way to
non-persistently cache facts without using the builtin set_fact action.
See https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/strategy/__init__.py#L708

Added a warning about using the feature and reverted to the set_fact
action plugin.
This commit is contained in:
Lars Kaiser 2022-01-25 10:11:28 +01:00 committed by Jan Christian Grünhage
parent c54ac98e2d
commit 034370e626
No known key found for this signature in database
GPG key ID: EEC1170CE56FA2ED


@ -88,7 +88,8 @@ options:
default: 'plain'
secret_fact:
description:
- If `secret_fact` is set and `state` is `present`, the module will set the secret return value under the contained key as an ansible fact
- If `secret_fact` is set and `state` is `present`, the module will set the secret return value under the contained key as an ansible fact.
- WARNING: If you have a persistent cache configured, the secret will be cached in plain text.
required: False
type: str
overwrite:
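Review bot: The new WARNING line under `secret_fact` does not say whether plain-text caching still happens now that the fact is set through the set_fact action plugin, which the commit message presents as the fix for caching on the controller. As written, the docs read as if the problem remains whenever a persistent cache is configured. Suggest stating the exact condition under which the secret ends up in the cache, and pointing users to an alternative for that case, such as consuming the module's secret return value directly instead of setting `secret_fact`.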