From fcdf0b80b3112ae01cc7687c1b3f29fbcceb42dd Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde <akasurde@redhat.com>
Date: Thu, 10 Apr 2025 12:15:42 -0700
Subject: [PATCH] git: Document security risk involved in embedding user creds
 (#84963)

* Provide warning to user about the potential risk involved in
  embedding username and password in git URL while checking out the source.

Fixes: #84557

Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
---
 lib/ansible/modules/git.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/ansible/modules/git.py b/lib/ansible/modules/git.py
index 14d26195461..f7b5ae9752f 100644
--- a/lib/ansible/modules/git.py
+++ b/lib/ansible/modules/git.py
@@ -21,6 +21,10 @@ options:
     repo:
         description:
             - git, SSH, or HTTP(S) protocol address of the git repository.
+            - Avoid embedding usernames and passwords within Git repository URLs.
+              This practice is insecure and can lead to unauthorized access to your repositories.
+              For secure authentication, configure SSH keys (recommended) or use a credential helper.
+              See Git documentation on SSH keys/credential helpers for instructions.
         type: str
         required: true
         aliases: [ name ]