note that environment is not good for secrets (#69618)

* note that environment is not good for secrets
* Update docs/docsite/rst/user_guide/playbooks_environment.rst
Co-authored-by: Sam Doran <sdoran@redhat.com>
Brian Coca 2020-05-28 16:24:32 -04:00 committed by GitHub
parent 412af6ae91
commit d0a25f004c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 1 deletions

@ -27,7 +27,7 @@ delay: Number of seconds to delay between retries. This setting is only used in
delegate_facts: Boolean that allows you to apply facts to a delegated host instead of inventory_hostname.
delegate_to: Host to execute task instead of the target (inventory_hostname). Connection vars from the delegated host will also be used for the task.
diff: "Toggle to make tasks return 'diff' information or not."
environment: A dictionary that gets converted into environment vars to be provided for the task upon execution. This can ONLY be used with modules. This isn't supported for any other type of plugins nor Ansible itself nor its configuration, it just sets the variables for the code responsible for executing the task.
environment: A dictionary that gets converted into environment vars to be provided for the task upon execution. This can ONLY be used with modules. This isn't supported for any other type of plugins nor Ansible itself nor its configuration, it just sets the variables for the code responsible for executing the task. This is not a recommended way to pass in confidential data.
fact_path: Set the fact path option for the fact gathering plugin controlled by :term:`gather_facts`.
failed_when: "Conditional expression that overrides the task's normal 'failed' status."
force_handlers: Will force notified handler execution for hosts even if they failed during the play. Will not trigger if the play itself fails.
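Review bot: The sentence appended to the `environment` entry, "This is not a recommended way to pass in confidential data.", gives no reason, so a reader of the keyword reference alone cannot tell what the risk is. The warning added to playbooks_environment.rst in this same commit already states it (the variables are "normally passed in clear text"); consider carrying that clause into this description, for example "This is not a recommended way to pass in confidential data, because the variables are normally passed in clear text." The two files also use different terms ("confidential data" here, "secrets" in the warning); picking one makes the docs easier to search.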

@ -113,6 +113,9 @@ Some language-specific version managers (such as rbenv and nvm) require you to s
.. note::
The example above uses ``ansible_env`` as part of the PATH. Basing variables on ``ansible_env`` is risky. Ansible populates ``ansible_env`` values by gathering facts, so the value of the variables depends on the remote_user or become_user Ansible used when gathering those facts. If you change remote_user/become_user the values in ``ansible-env`` may not be the ones you expect.
.. warning::
Environment variables are normally passed in clear text (shell plugin dependent) so they are not a recommended way of passing secrets to the module being executed.
You can also specify the environment at the task level::
---
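Review bot: In the new warning, the parenthetical "(shell plugin dependent)" is too terse to act on: it does not say which part of the statement varies by shell plugin, so a reader cannot judge whether their own setup is affected. Suggest expanding it into a full clause, such as "how they are passed depends on the shell plugin in use", and keeping the recommendation as the main sentence. The warning also only says what not to do; if the docs have a preferred way to pass secrets, a cross-reference here would make the warning actionable. Drive-by on the context line just above: the note writes ``ansible-env`` once where every other mention is ``ansible_env``.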