infra-automation

Files

ansible df628983d1 Add no_log security protection to cloud-init user-data tasks

Security improvement to prevent sensitive cloud-init configuration
data from appearing in Ansible logs.

Changes:
- Add no_log: true to all cloud-init user-data template tasks
- Applies to Debian/Ubuntu user-data generation
- Applies to RHEL/CentOS/Rocky/Alma user-data generation
- Applies to SUSE/openSUSE user-data generation

Security rationale:
- Cloud-init user-data contains sensitive information:
  * SSH keys and authorized_keys configuration
  * User passwords (hashed but still sensitive)
  * System configuration details
  * Network configuration
- Following CLAUDE.md security guidelines
- Prevents accidental exposure in CI/CD logs
- Aligns with ansible-lint security best practices

Impact:
- No functional changes to role behavior
- Enhanced security posture
- Compliance with security-first principles

Related to: ROLE_ANALYSIS_AND_IMPROVEMENTS.md recommendation 2.2

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-11 01:35:19 +01:00

cleanup.yml

Add deploy_linux_vm role with LVM and SSH hardening

2025-11-10 22:51:51 +01:00

cloud-init.yml

Add no_log security protection to cloud-init user-data tasks

2025-11-11 01:35:19 +01:00

deploy.yml

Add deploy_linux_vm role with LVM and SSH hardening

2025-11-10 22:51:51 +01:00

download.yml

Add deploy_linux_vm role with LVM and SSH hardening