I'm passing the password to sudo in my Ansible playbook like this:

echo <password> | sudo -S su - <username>

It's working fine. But the problem here is in my output the password is visible.

Is there any way to hide the password or at least to encrypt it? My playbook is like this:

- name: Weblogic Server control
  hosts: "appserver"

  tasks:
  - name: Ansible copy file to remote server
    shell:
      cmd: |
        echo "{{ansible_password}}" | sudo -S su - dmsc

        echo "{{ansible_password}}" | sudo -S su - dmsc << EOF
        id
        cp /home/svc-rb_auto_non_prod/emc-dfs-demo.ear /local/apps/dmscsp/wls1213/user_projects/domains/scspqa_domain/servers/scspqa_admin/upload/emc-dfs-demo.ear
        EOF
    register: shell_out

  - debug:
      var: shell_out
  ------

output:

TASK [debug] ******************************************************************************************************
ok: [appserver] => {
    "shell_out": {
        "changed": true, 
        "cmd": [
            "echo", 
            "siva123", 
            "|", 
            "sudo", 
            "-S", 
            "su", 
            "-", 
            "ls", 
            "EOF"
        ], 
        "delta": "0:00:00.004095", 
        "end": "2018-10-31 02:42:40.627875", 
        "failed": false, 
        "rc": 0, 
        "start": "2018-10-31 02:42:40.623780", 
        "stderr": "", 
        "stderr_lines": [], 
        "stdout": "siva123 | sudo -S su - ls EOF", 
        "stdout_lines": [
            "siva123 | sudo -S su - ls EOF"
        ] 
  • Thanks for sharing this, but STDOUT is still printing the password in my Ansible output. Is there any way that sudo can read encrypted passwords, or can we hide it?
    – shiva
    Commented Oct 31, 2018 at 7:18
  • I don't know Ansible at all. Please check if sudo -A approach from this answer helps. Commented Oct 31, 2018 at 7:29
  • Still no luck through Ansible.
    – shiva
    Commented Oct 31, 2018 at 7:54

1 Answer

You want the no_log: true attribute added to the task. This is described in the Ansible documentation and answered previously at https://serverfault.com/questions/681832/how-can-i-stop-ansible-from-writing-passwords-to-the-logfiles#766095
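
The question's playbook with no_log: true applied, as an added example that is not part of the original answer or question. It assumes the shell module's stdin parameter is available (Ansible 2.4 or later) and that the account's sudo rule permits `su - dmsc`; the task names are illustrative. The password is fed on stdin instead of through echo, and the debug task prints only rc and stdout_lines rather than the whole registered result, whose cmd field holds the command line.

```yaml
- name: Weblogic Server control
  hosts: "appserver"

  tasks:
  - name: Copy the EAR as dmsc without logging the sudo password
    shell:
      # The password is not part of the command line: sudo -S reads it
      # from standard input, which Ansible supplies via "stdin".
      cmd: >-
        sudo -S su - dmsc -c
        'id;
        cp /home/svc-rb_auto_non_prod/emc-dfs-demo.ear
        /local/apps/dmscsp/wls1213/user_projects/domains/scspqa_domain/servers/scspqa_admin/upload/emc-dfs-demo.ear'
      stdin: "{{ ansible_password }}"
    # Censors this task's arguments and result in console output and logs.
    no_log: true
    register: shell_out

  - name: Show only non-sensitive fields of the result
    debug:
      msg:
        rc: "{{ shell_out.rc }}"
        stdout_lines: "{{ shell_out.stdout_lines }}"
```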