awx
awx copied to clipboard
Allow prompt on launch for custom credential types
ISSUE TYPE
- Feature Idea
SUMMARY
Create custom credential type to prompt for password on launch
A tower credential can be assigned to the custom credential type, but the password does not prompt since there is not the check box for prompt for password like in the machine credential. I would like to be able to define a custom credential type that prompts for the password and doesn't require it to be stored in tower.
When does the behavior occur? Frequency? Repeatedly? At certain times? It never prompts with this configuration: INPUT CONFIGURATION: fields:
- id: username type: string label: ADM Username
- id: password type: string label: ADM Password secret: true required:
- username
INJECTOR CONFIGURATION: extra_vars: f5_password: '{{ password }}' f5_user: '{{ username }}'
Why would you do this and not just prompt for the extra vars / use a survey?
It would be functionally identical.
I guess because you need to add a survey for each template which uses this credential type. This is what I'm doing right now and it tedious when it could just be part of the credential setup.
We would like this functionality also. The reason not to use a survey or extra-var is that the password would be exposed in the log. There should be a way to create credential types that have encrypted fields that are prompted during lunch
I have a custom credential type that injects environment variables. Although it would still be possible to use survey and a dedicated task to inject the extra vars into the controller's environment, it would be a lot simpler for it to be a feature of custom credentials.
I am in the same situation as @zendritic. We have some custom plugins that gets some secret key via an environment variable (in this case SOPS_AGE_KEY from https://github.com/mozilla/sops) and would very much like to supply this via a credential with prompt on launch.
Why would you do this and not just prompt for the extra vars / use a survey?
It would not functionally equivalent because survey results are stored and not prompted for on job relaunch.
+1 really required feature
Why would you do this and not just prompt for the extra vars / use a survey?
It would not functionally equivalent because survey results are stored and not prompted for on job relaunch.
I also personally do not want to have my user/password stored in a way that allows a job to be relaunched like it happens when using surveys.