mirror of
https://github.com/ansible-collections/community.general.git
synced 2026-05-08 06:12:51 +00:00
[PR #11005/54af64ad backport][stable-9] keycloak_user: mark credentials[].value as no_log=True (#11010)
keycloak_user: mark credentials[].value as no_log=True (#11005)
Mark credentials[].value as no_log=True.
(cherry picked from commit 54af64ad36)
Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
patchback[bot]
GitHub
4
changelogs/fragments/11005-keycloak_user.yml
Normal file
4
changelogs/fragments/11005-keycloak_user.yml
Normal file
@@ -0,0 +1,4 @@
|
||||
security_fixes:
|
||||
- "keycloak_user - the parameter ``credentials[].value`` is now marked as ``no_log=true``. Before it was logged by Ansible, unless the task was marked as ``no_log: true``.
|
||||
Since this parameter can be used for passwords, this resulted in credential leaking
|
||||
(https://github.com/ansible-collections/community.general/issues/11000, https://github.com/ansible-collections/community.general/pull/11005)."
|
||||
Reference in New Issue
Block a user