Reference Guide
Table Of Contents
Auditing and logging
OMAM does not have its own logging mechanism, and it depends on the default Ansible logging capability. By default, Ansible
sends output about plays, tasks, and module arguments to your screen (STDOUT) on the control node see Logging Ansible
Output for more details. Encryption with Ansible Vault only protects data at rest. Once the content is decrypted (data in use),
play and plugin authors are responsible for avoiding any secret disclosure. For details on hiding output, see no_log. For security
considerations on editors that you use with Ansible Vault, see Steps to secure your editor.
Protecting sensitive data with 'no log'
If you save Ansible output to a log, you expose any secret data in your Ansible output, such as passwords and usernames. To
keep sensitive values out of your logs, mark tasks that expose them with the no_log: True attribute. However, the no_log
attribute does not affect debugging output.
8 Product and Subsystem Security