Related to

Web-Frontend (what users interact with), Ansible (task execution)

Impact

must have for enterprise usage

Missing Feature

There should be 'private' variables available in 'survey variables' that are not displayed to the user (like a password field) and are not saved in the task such that you cannot re-run the task and see the private variables in plaintext.

Currently, all survey variables are displayed in plaintext, and are stored in the tasks in the UI, so you can always go back and view what variable was sent with the task. This poses a security risk with sensitive variables (such as secret keys, passwords, etc.).

Implementation

Very similar to the current survey variables, but with a toggle/checkbox to make it a 'private' variable. This checkbox would make the field not readable to the end user, and would not save the variable value in the task.

Design

No response

Hi @mschmitt-nasuni ,

survey variables passed to Ansible as "Extra vars". Therefore they cannot be private because user can run Ansible playbook and debug mode and see all extra vars.

Unfortunately I don't know how to workaround this. Let me know if you have an idea.

Is there a way to maybe prompt for a variable instead? I know ansible has vars_prompt, but when I tried using that method, Semaphore hung on task execution because it's waiting for user input.

Hi @mschmitt-nasuni currently it is not possible, but this feature in the priority for implementation.

Hi @mschmitt-nasuni

we added Secret type of survey variable. Will be available in following release.