Partial backport of community.aws/471 - no_log=True for aws_secret (#73873)

Mark Chappell authored on 2021/04/04 01:22:39
Showing 2 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,2 @@
0
+security_fixes:
1
+- aws_secret - flag the ``secret`` parameter as containing sensitive data which shouldn't be logged (https://github.com/ansible-collections/community.aws/pull/471).
... ...
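Review bot: The `security_fixes` entry says the ``secret`` parameter is now flagged, but it does not say that the parameter was previously unflagged and could therefore be logged. Consider adding a short clause stating that earlier versions did not mark ``secret`` as no_log, so readers of the changelog can judge whether values passed to those versions need rotating. The entry links the community.aws pull request only; adding the backport reference (#73873) from the commit title would make it traceable from this branch as well.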
@@ -327,7 +327,7 @@ def main():
327 327
             'description': dict(default=""),
328 328
             'kms_key_id': dict(),
329 329
             'secret_type': dict(choices=['binary', 'string'], default="string"),
330
-            'secret': dict(default=""),
330
+            'secret': dict(default="", no_log=True),
331 331
             'tags': dict(type='dict', default={}),
332 332
             'rotation_lambda': dict(),
333 333
             'rotation_interval': dict(type='int', default=30),
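Review bot: Nothing in this commit verifies the new `no_log=True` on the `'secret'` entry at line 330, since the two changed files are the changelog fragment and the module itself. Consider adding a test that runs the module with a known secret value and asserts that the value does not appear in the logged invocation or the returned result, so a later edit to the argument spec cannot silently drop the flag. The other parameters visible in this context (`description`, `kms_key_id`, `secret_type`, `tags`, `rotation_lambda`, `rotation_interval`) are left unflagged; it is worth confirming in the PR description that `description` and `tags` are not expected to carry sensitive values.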