From 2cfd6c69202076e487473e05ec0864c95fea9778 Mon Sep 17 00:00:00 2001 From: Silvio Tomatis Date: Sat, 19 Nov 2016 10:13:07 +0100 Subject: [PATCH] Change old recommendation about insecure variables (#18493) * Change old recommendation about insecure variables These warnings were relevant before ansible had the secure vault feature: any secret put into a variable used to be a bad idea. With the vault feature (available since ansible 1.5) it's no longer a bad idea to use these variables, as long as they aren't stored in plain text. * Update intro_inventory.rst Minor edit --- docsite/rst/intro_inventory.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docsite/rst/intro_inventory.rst b/docsite/rst/intro_inventory.rst index af36191a0cd..e6cf58c3e09 100644 --- a/docsite/rst/intro_inventory.rst +++ b/docsite/rst/intro_inventory.rst @@ -218,7 +218,7 @@ ansible_port ansible_user The default ssh user name to use. ansible_ssh_pass - The ssh password to use (this is insecure, we strongly recommend using :option:`--ask-pass` or SSH keys) + The ssh password to use (never store this variable in plain text; always use a vault. See :ref:`best_practices_for_variables_and_vaults`) ansible_ssh_private_key_file Private key file used by ssh. Useful if using multiple keys and you don't want to use SSH agent. ansible_ssh_common_args @@ -247,7 +247,7 @@ ansible_become_method ansible_become_user Equivalent to ``ansible_sudo_user`` or ``ansible_su_user``, allows to set the user you become through privilege escalation ansible_become_pass - Equivalent to ``ansible_sudo_pass`` or ``ansible_su_pass``, allows you to set the privilege escalation password (this is insecure, we strongly recommend using :option:`--ask-become-pass` or SSH keys) + Equivalent to ``ansible_sudo_pass`` or ``ansible_su_pass``, allows you to set the privilege escalation password (never store this variable in plain text; always use a vault. See :ref:`best_practices_for_variables_and_vaults`) Remote host environment parameters: