diff --git a/roles/cloud-ec2/tasks/prompts.yml b/roles/cloud-ec2/tasks/prompts.yml
index 368922f8..213ac93d 100644
--- a/roles/cloud-ec2/tasks/prompts.yml
+++ b/roles/cloud-ec2/tasks/prompts.yml
@@ -21,6 +21,7 @@ - set_fact: access_key: "{{ aws_access_key | default(_aws_access_key.user_input|default(None)) | default(lookup('env','AWS_ACCESS_KEY_ID'), true) }}" secret_key: "{{ aws_secret_key | default(_aws_secret_key.user_input|default(None)) | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}" + no_log: true - block: - name: Get regions
diff --git a/roles/common/tasks/facts.yml b/roles/common/tasks/facts.yml
index 61a17ae6..68162645 100644
--- a/roles/common/tasks/facts.yml
+++ b/roles/common/tasks/facts.yml
@@ -3,11 +3,13 @@ set_fact: p12_export_password: "{{ p12_password|default(lookup('password', '/dev/null length=9 chars=ascii_letters,digits,_,@')) }}" tags: update-users + no_log: true - name: Set facts set_fact: CA_password: "{{ ca_password|default(lookup('password', '/dev/null length=16 chars=ascii_letters,digits,_,@')) }}" IP_subject_alt_name: "{{ IP_subject_alt_name }}" + no_log: true - name: Set IPv6 support as a fact set_fact:
diff --git a/roles/strongswan/tasks/openssl.yml b/roles/strongswan/tasks/openssl.yml
index f51a74dc..9f9dc951 100644
--- a/roles/strongswan/tasks/openssl.yml
+++ b/roles/strongswan/tasks/openssl.yml
@@ -65,6 +65,7 @@ chdir: "{{ ipsec_pki_path }}" creates: "{{ IP_subject_alt_name }}_ca_generated" executable: bash + no_log: true - name: Copy the CA certificate copy:
@@ -99,6 +100,7 @@ chdir: "{{ ipsec_pki_path }}" creates: certs/{{ IP_subject_alt_name }}_crt_generated executable: bash + no_log: true - name: Build the client's pair shell: >
@@ -123,6 +125,7 @@ creates: certs/{{ item }}_crt_generated executable: bash with_items: "{{ users }}" + no_log: true - name: Build the tests pair shell:
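Review bot: `no_log: true` on this `set_fact` only censors the result of this one task; `access_key` and `secret_key` remain ordinary facts, and a later task that passes them as module arguments can still show them at higher verbosity unless the module itself marks the parameter as sensitive. The `block` that starts right after (`Get regions`) continues outside the hunk, so whether its tasks are covered cannot be confirmed from here. If they consume the keys, setting `no_log: true` on the block covers every task inside it, since block-level keywords are inherited. A short comment above the new line would record the intent: `# credentials: every task that reads access_key/secret_key also needs no_log`.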
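Review bot: The `Set facts` task now hides `IP_subject_alt_name` together with `CA_password`, although only the password is sensitive. Moving `CA_password` into a `set_fact` of its own with `no_log: true`, and leaving `IP_subject_alt_name` in an unmasked task, keeps the non-secret value visible when a deployment has to be diagnosed. Both generated passwords also stay in the host's facts after these tasks, so the keyword here does not stop a later `debug` or verbose task from printing them.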
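Review bot: `no_log: true` on the CA generation task (hunk at -65) keeps the command out of Ansible's output but does not change how the secret reaches the program. The `shell` command body is outside the hunk; if it puts `CA_password` on the command line, the value is still readable in the process list of the machine running the task while the command executes, and the same would apply to the other `shell` hunks in this file. Presumably the tool is openssl, going by the file name; in that case handing the password over through one of its `env:`, `file:` or `stdin` password sources instead of `pass:` would close that path. A comment such as `# no_log hides Ansible output only; the password must not be passed in argv` next to the keyword would make the limit explicit.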
>
@@ -147,6 +150,7 @@ creates: certs/google-algo-test-pair.com_crt_generated executable: bash when: tests|default(false)|bool + no_log: true - name: Build openssh public keys openssl_publickey:
@@ -185,6 +189,7 @@ executable: bash with_items: "{{ users }}" register: p12 + no_log: true - name: Build the client's p12 with the CA cert included shell: >
@@ -203,6 +208,7 @@ executable: bash with_items: "{{ users }}" register: p12 + no_log: true - name: Copy the p12 certificates copy:
@@ -235,6 +241,7 @@ executable: bash when: item.split('@')[0] not in users with_items: "{{ valid_certs.stdout_lines }}" + no_log: true - name: Generate new CRL file shell: >
@@ -248,6 +255,7 @@ args: chdir: "{{ ipsec_pki_path }}" executable: bash + no_log: true delegate_to: localhost become: false vars:
diff --git a/roles/wireguard/tasks/keys.yml b/roles/wireguard/tasks/keys.yml
index e9ce8a3a..2a6aa255 100644
--- a/roles/wireguard/tasks/keys.yml
+++ b/roles/wireguard/tasks/keys.yml
@@ -16,6 +16,7 @@ with_items: - "{{ users }}" - "{{ IP_subject_alt_name }}" + no_log: true - block: - name: Save private keys
@@ -55,6 +56,7 @@ with_items: - "{{ users }}" - "{{ IP_subject_alt_name }}" + no_log: true - block: - name: Save preshared keys
@@ -89,6 +91,7 @@ with_items: - "{{ users }}" - "{{ IP_subject_alt_name }}" + no_log: true - name: Save public keys copy:
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 4b65a0a1..ae3fc7fe 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -74,6 +74,7 @@ args: chdir: "{{ wireguard_config_path }}" executable: bash + no_log: true become: false delegate_to: localhost
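Review bot: In the `with_items: "{{ users }}"` loop of the hunk at -123, `no_log: true` censors the per-item label as well as the result, so a failed run no longer shows which user's certificate build broke or why. The same holds for the looped hunks at -185 and -203 in this file and for the three hunks in roles/wireguard/tasks/keys.yml. Driving the keyword from one variable that defaults to hiding keeps the protection and leaves a deliberate way to debug: `no_log: "{{ hide_task_secrets | default(true) | bool }}"` (the variable name is only an example). The task bodies begin outside these hunks.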
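Review bot: On the revocation loop (hunk at -235), `no_log: true` also censors the item label, so a run no longer records which entries of `valid_certs.stdout_lines` were revoked. Revocation is a change operators usually want an audit trail for, and the item here is a certificate name rather than a secret; the command body is outside the hunk, so that it carries the CA password is inferred. A preceding `debug` task that lists the names matching `item.split('@')[0] not in users` would keep that record while the shell task itself stays masked.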