From a0471a3436e937ab60c4da518762d546ccd22a58 Mon Sep 17 00:00:00 2001
From: Jonathan Rosser <jonathan.rosser@rd.bbc.co.uk>
Date: Mon, 12 Feb 2024 16:31:28 +0000
Subject: [PATCH] Do not log contents of installed keypairs by default

This could put private key contents into the ansible log which is
undesireable.

Change-Id: Ic8e548b14e9fac26cf3b5a918479fdf8e0b24c6c
---
 roles/ssh_keypairs/tasks/standalone/install_ssh_key.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/ssh_keypairs/tasks/standalone/install_ssh_key.yml b/roles/ssh_keypairs/tasks/standalone/install_ssh_key.yml
index 6ae352ed..18761b81 100644
--- a/roles/ssh_keypairs/tasks/standalone/install_ssh_key.yml
+++ b/roles/ssh_keypairs/tasks/standalone/install_ssh_key.yml
@@ -34,3 +34,4 @@
   loop: "{{ _ssh_key_slurp.results | default([]) }}"
   when: item.skipped is not defined
   ignore_errors: "{{ ansible_check_mode }}"
+  no_log: "{{ ssh_keypairs_no_log | default(True) }}"