Hi @Fryguy , thanks for your reply.
If the state vars are handled by yourself in a Ruby automate method, I believe you can encrypt/decrypt them using ManageIQ::Password, which will, in turn prevent them from being logged
Yes, state vars are set from ruby and are read afterwards by ansible playbook. If state_vars are encrypted in ruby, is it possible to decrypt them on ansible side?
If you are seeing values, I believe your playbook must be logging those with set_stats. If you take a look at the STDOUT of your playbook run do you also see the value in plaintext?
I do not have any isses with playbook output as it can be controlled in playbook with
no_log parameters and with log levels in ManageIQ.
The case I am refering to is specific to
automation.log messages of following format:
[----] I, [2021-08-23T08:12:32.717082 #2347:2ada74e89968] INFO -- : Q-task_id([r120_miq_provision_111]) Reloading state var data: ---
I would like to find out if it is possible to mask specific parameters, or if not possible, completely disable this kind of log records.