From fa840d4c7c60d6f68d661cb40102fb0d0674fa83 Mon Sep 17 00:00:00 2001
From: Philippe Kueck <philfry@users.noreply.github.com>
Date: Thu, 9 Jun 2022 16:53:04 +0200
Subject: [PATCH] mention different results for password_hash depending on
 library used (#76863) (#77963)

---
 docs/docsite/rst/user_guide/playbooks_filters.rst | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/docs/docsite/rst/user_guide/playbooks_filters.rst b/docs/docsite/rst/user_guide/playbooks_filters.rst
index 4d37b1c9e36..aaec7cb157d 100644
--- a/docs/docsite/rst/user_guide/playbooks_filters.rst
+++ b/docs/docsite/rst/user_guide/playbooks_filters.rst
@@ -1583,7 +1583,16 @@ Some hash types allow providing a rounds parameter:
     {{ 'secretpassword' | password_hash('sha256', 'mysecretsalt', rounds=10000) }}
     # => "$5$rounds=10000$mysecretsalt$Tkm80llAxD4YHll6AgNIztKn0vzAACsuuEfYeGP7tm7"
 
-Hash type 'blowfish' (BCrypt) provides the facility to specify the version of the BCrypt algorithm
+The filter `password_hash` produces different results depending on whether you installed `passlib` or not.
+
+To ensure idempotency, specify `rounds` to be neither `crypt`'s nor `passlib`'s default, which is `5000` for `crypt` and a variable value (`535000` for sha256, `656000` for sha512) for `passlib`:
+
+.. code-block:: yaml+jinja
+
+    {{ 'secretpassword' | password_hash('sha256', 'mysecretsalt', rounds=5001) }}
+    # => "$5$rounds=5001$mysecretsalt$wXcTWWXbfcR8er5IVf7NuquLvnUA6s8/qdtOhAZ.xN."
+
+Hash type 'blowfish' (BCrypt) provides the facility to specify the version of the BCrypt algorithm.
 
 .. code-block:: yaml+jinja