docs: Document disabling diff on task level (#37998)

* docs: Document disabling diff on task level Tasks that deal with secrets may leak sensitive information when running in Check Mode. This change updates the documentation explaining that the diff can be deactivated on task level. The feature was requested in #14860 and got introduced in Ansible 2.4 with #28581. * Updated for clarity
6 years ago · 9cca9a9c10
parent 2a604f6fe6
commit 9cca9a9c10
1 changed files with 15 additions and 0 deletions
--- a/docs/docsite/rst/user_guide/playbooks_checkmode.rst
+++ b/docs/docsite/rst/user_guide/playbooks_checkmode.rst
@ -98,3 +98,18 @@ Since the diff feature produces a large amount of output, it is best used when c

    ansible-playbook foo.yml --check --diff --limit foo.example.com

+.. versionadded:: 2.4
+
+The ``--diff`` option can reveal sensitive information. This option can disabled for tasks by specifying ``diff: no``. 
+
+Example::
+
+  tasks:
+    - name: this task will not report a diff when the file changes
+      template:
+        src: secret.conf.j2
+        dest: /etc/secret.conf
+        owner: root
+        group: root
+        mode: '0600'
+      diff: no