If you need to expand an encrypted zip file using the Ansible unarchive module, then you will need to provide the password using the ‘extra_opts’ parameter. Per below, make sure you place the “-P” flag as an independent argument to the password. – name: unzip encrypted zip unarchive: src: mysource.zip dest: /remote/path extra_opts: – “-P” … Ansible: unzipping an encrypted file using the unarchive module
If a git repository requires credentials to clone, and you are still using a username/password (instead of ssh key), it is still possible to have the repository cloned in your automation scripts without be prompted. You just have to ensure that the username and password are properly URL encoded. From the command line, the syntax … Ansible: cloning a git repository that requires credentials
If you accidentally pushed a secret or password into a git repository, the BFG Repo-Clean utility is a convenient option for removing all traces of the secret from the entire git commit history. It is also possible to use ‘git-filter-branch‘, but I find BFG more convenient and faster.
If you currently store sensitive credentials in plaintext to automate scripting or integration to other systems, you should consider an extra layer of security by storing them encrypted using GPG. There is no fullproof way to hide sensitive information for a service that also needs to decrypt them as part of normal operations (think DVD … Linux: Using GPG encrypted credentials for enhanced security
It is more popular to use an ssh key instead of a password when automating a git clone from a guest OS. But if you do need to specify the password directly into the console command, it takes this form: $ git clone https://<user>:<password>@<gitserver>/<path>/<repo>.git Which works fine if the password is plaintext, but if it … GIT: Calling git clone using password with special character