mirror of
https://github.com/ansible-collections/community.general.git
synced 2026-02-04 07:51:50 +00:00
ae6fa9a684
keycloak_user: mark credentials[].value as no_log=True (#11005)
Mark credentials[].value as no_log=True.
(cherry picked from commit 54af64ad36)
Co-authored-by: Felix Fontein <felix@fontein.de>
4 lines
427 B
YAML
4 lines
427 B
YAML
security_fixes:
|
|
- "keycloak_user - the parameter ``credentials[].value`` is now marked as ``no_log=true``. Before it was logged by Ansible, unless the task was marked as ``no_log: true``.
|
|
Since this parameter can be used for passwords, this resulted in credential leaking
|
|
(https://github.com/ansible-collections/community.general/issues/11000, https://github.com/ansible-collections/community.general/pull/11005)."
|