From cc71ada59d30bc7fb4fcd45ebc5766430b4f4409 Mon Sep 17 00:00:00 2001
From: Markus Pesch <markus.pesch@cryptic.systems>
Date: Wed, 15 Feb 2023 14:25:49 +0100
Subject: [PATCH] fix: hide sensitive information in log output

---
 tasks/create_unix_user.yml | 12 ++++++++----
 tasks/main.yml             |  1 +
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/tasks/create_unix_user.yml b/tasks/create_unix_user.yml
index b4524e7..4972c26 100644
--- a/tasks/create_unix_user.yml
+++ b/tasks/create_unix_user.yml
@@ -14,7 +14,8 @@
     shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
     password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}"
     state: present
-  when: "unix_user.value.groups is not defined and unix_user.value.uid is not defined"
+  when: unix_user.value.groups is not defined and unix_user.value.uid is not defined
+  no_log: true
 
 - name: "Create unix user without additional groups and with uid: {{ unix_user.key }}"
   ansible.builtin.user:
@@ -27,7 +28,8 @@
     shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
     password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}"
     state: present
-  when: "unix_user.value.groups is not defined and unix_user.value.uid is defined"
+  when: unix_user.value.groups is not defined and unix_user.value.uid is defined
+  no_log: true
 
 - name: "Create unix user with additional groups and uid: {{ unix_user.key }}"
   ansible.builtin.user:
@@ -41,7 +43,8 @@
     shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
     password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}"
     state: present
-  when: "unix_user.value.groups is defined and unix_user.value.uid is defined"
+  when: unix_user.value.groups is defined and unix_user.value.uid is defined
+  no_log: true
 
 - name: "Create unix user with additional groups and without uid: {{ unix_user.key }}"
   ansible.builtin.user:
@@ -54,7 +57,8 @@
     shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
     password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}"
     state: present
-  when: "unix_user.value.groups is defined and unix_user.value.uid is not defined"
+  when: unix_user.value.groups is defined and unix_user.value.uid is not defined
+  no_log: true
 
 - name: "Create .ssh directory for unix user: {{ unix_user.key }}"
   ansible.builtin.file:
diff --git a/tasks/main.yml b/tasks/main.yml
index 4cbc2c3..6ea2d43 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -34,6 +34,7 @@
 
 - name: Create unix users
   ansible.builtin.include_tasks: create_unix_user.yml
+  no_log: true
   with_dict: "{{ unix_users }}"
   loop_control:
     loop_var: unix_user