From 63f45dc19311dd01737ffe5fbd73dc7cf9349bbe Mon Sep 17 00:00:00 2001
From: Johanna Dorothea Reichmann <transcaffeine@finallycoffee.eu>
Date: Fri, 26 Nov 2021 07:55:46 +0100
Subject: [PATCH] chore(server): do not leak secrets in ansible task names

---
 roles/server/tasks/configure-single-setting.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/server/tasks/configure-single-setting.yml b/roles/server/tasks/configure-single-setting.yml
index 603d374..e0f148c 100644
--- a/roles/server/tasks/configure-single-setting.yml
+++ b/roles/server/tasks/configure-single-setting.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: Ensure {{ key }} is set to {{ value }}
+- name: Ensure {{ key }} is set to {{ '***' if ['pass', 'secret', 'key']|select('in', key) else value }}
   block:
     - name: Check value of {{ key }}
       community.docker.docker_container_exec:
@@ -12,7 +12,7 @@
       check_mode: false
       changed_when: false
 
-    - name: Set {{ key }} to {{ value }}
+    - name: Set {{ key }} to {{ '***' if (['pass', 'secret', 'key']|select('in', key)) else value }}
       community.docker.docker_container_exec:
         container: "{{ nextcloud_container_name }}"
         command: "{{ nextcloud_occ_command }} config:{{ type }}:set {{ scope }} {{ entry }} --type={{ value_type }} --value={{ value }} -n"