The log output of the conjur-role without "no_log" set to true has been reviewed

Question

The log output of the conjur-role without "no_log" set to true has been reviewed

Opened this issue 4 years ago · 0 comments

The following comment is in our README.md:

### Recommendations

- Add `no_log: true` to each play that uses sensitive data, otherwise that data can be printed to
  the logs.

- Set the Ansible files to minimum permissions. Ansible uses the permissions of the user that runs
  it.

We should review these recommendations to determine if there is a way to ensure no information is accidentally displayed in the logs by default (e.g. without specifying no_log: true) to improve the overall security and UX of the role.