From da57e2dd65c849e4fae65beac935c438bb0532e6 Mon Sep 17 00:00:00 2001
From: "Thierno IB. BARRY" <ibrahima.br@gmail.com>
Date: Mon, 19 Sep 2016 17:41:24 +0200
Subject: [PATCH] no log password when adding or updating user

---
 handlers/shield/elasticsearch-shield-native.yml  | 1 +
 tasks/xpack/shield/elasticsearch-shield-file.yml | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/handlers/shield/elasticsearch-shield-native.yml b/handlers/shield/elasticsearch-shield-native.yml
index 52083a5..c666f23 100644
--- a/handlers/shield/elasticsearch-shield-native.yml
+++ b/handlers/shield/elasticsearch-shield-native.yml
@@ -64,6 +64,7 @@
     password: "{{es_api_basic_auth_password}}"
     force_basic_auth: yes
   when: manage_native_users and es_users.native.keys() > 0
+  no_log: True
   with_dict: "{{es_users.native}}"
 
 #List current roles
diff --git a/tasks/xpack/shield/elasticsearch-shield-file.yml b/tasks/xpack/shield/elasticsearch-shield-file.yml
index da78e91..6fa7182 100644
--- a/tasks/xpack/shield/elasticsearch-shield-file.yml
+++ b/tasks/xpack/shield/elasticsearch-shield-file.yml
@@ -31,6 +31,7 @@
     {{es_home}}/bin/shield/esusers useradd {{item}} -p {{es_users.file[item].password}}
   with_items: "{{users_to_add}}"
   when: manage_file_users and users_to_add | length > 0
+  no_log: True
   environment:
     CONF_DIR: "{{ conf_dir }}"
     ES_HOME: "{{es_home}}"
@@ -43,6 +44,7 @@
   when: manage_file_users and es_users.file.keys() | length > 0
   #Currently no easy way to figure out if the password has changed or to know what it currently is so we can skip.
   changed_when: False
+  no_log: True
   environment:
     CONF_DIR: "{{ conf_dir }}"
     ES_HOME: "{{es_home}}"