docker swarm - Add no_log to the signing_ca_key argument (#80)

* docker swarm - Add no_log to the signing_ca_key argument This will prevent accidental disclosure. See: CVE-2021-20191 * Update changelogs/fragments/CVE-2021-20191_no_log.yml Co-authored-by: Felix Fontein <felix@fontein.de>
ansible-collections · Feb 4, 2021 · 58babf7 · 58babf7
1 parent fc2e149
commit 58babf7
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/changelogs/fragments/CVE-2021-20191_no_log.yml b/changelogs/fragments/CVE-2021-20191_no_log.yml
@@ -0,0 +1,2 @@
+security_fixes:
+  - docker_swarm - enabled ``no_log`` for the option ``signing_ca_key`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.docker/pull/80).
diff --git a/plugins/modules/docker_swarm.py b/plugins/modules/docker_swarm.py
@@ -603,7 +603,7 @@ def main():
         name=dict(type='str'),
         labels=dict(type='dict'),
         signing_ca_cert=dict(type='str'),
-        signing_ca_key=dict(type='str'),
+        signing_ca_key=dict(type='str', no_log=True),
         ca_force_rotate=dict(type='int'),
         autolock_managers=dict(type='bool'),
         node_id=dict(type='str'),