awx icon indicating copy to clipboard operation
awx copied to clipboard

Published 20 hours ago verified publisher icon ansible

Allow prompt on launch for custom credential types

Open mrmibrown opened this issue 3 years ago • 4 comments

ISSUE TYPE
  • Feature Idea
SUMMARY

Create custom credential type to prompt for password on launch

A tower credential can be assigned to the custom credential type, but the password does not prompt since there is not the check box for prompt for password like in the machine credential. I would like to be able to define a custom credential type that prompts for the password and doesn't require it to be stored in tower.

When does the behavior occur? Frequency? Repeatedly? At certain times? It never prompts with this configuration: INPUT CONFIGURATION: fields:

  • id: username type: string label: ADM Username
  • id: password type: string label: ADM Password secret: true required:
  • username

INJECTOR CONFIGURATION: extra_vars: f5_password: '{{ password }}' f5_user: '{{ username }}'

mrmibrown avatar Nov 05 '20 23:11 mrmibrown

Why would you do this and not just prompt for the extra vars / use a survey?

It would be functionally identical.

wenottingham avatar Nov 06 '20 18:11 wenottingham

I guess because you need to add a survey for each template which uses this credential type. This is what I'm doing right now and it tedious when it could just be part of the credential setup.

flynnjs avatar Feb 19 '21 12:02 flynnjs

We would like this functionality also. The reason not to use a survey or extra-var is that the password would be exposed in the log. There should be a way to create credential types that have encrypted fields that are prompted during lunch

jpell958 avatar Mar 22 '21 15:03 jpell958

I have a custom credential type that injects environment variables. Although it would still be possible to use survey and a dedicated task to inject the extra vars into the controller's environment, it would be a lot simpler for it to be a feature of custom credentials.

zendritic avatar Jul 29 '22 14:07 zendritic

I am in the same situation as @zendritic. We have some custom plugins that gets some secret key via an environment variable (in this case SOPS_AGE_KEY from https://github.com/mozilla/sops) and would very much like to supply this via a credential with prompt on launch.

apollo13 avatar Aug 23 '22 11:08 apollo13

Why would you do this and not just prompt for the extra vars / use a survey?

It would not functionally equivalent because survey results are stored and not prompted for on job relaunch.

apollo13 avatar Aug 30 '22 12:08 apollo13

+1 really required feature

kladiv avatar Nov 24 '23 09:11 kladiv

Why would you do this and not just prompt for the extra vars / use a survey?

It would not functionally equivalent because survey results are stored and not prompted for on job relaunch.

I also personally do not want to have my user/password stored in a way that allows a job to be relaunched like it happens when using surveys.

jsalatiel avatar Feb 20 '24 17:02 jsalatiel