Add no_log to every task that might expose a password

tasks/chown.yml

@@ -6,4 +6,5 @@
     owner: "{{ item.owner | default('www-data') }}"
     group: "{{ item.group | default(item.owner) | default('www-data') }}"
     recurse: true
+  no_log: true
   with_items: "{{ wordpress_installs }}"

tasks/core.yml

@@ -7,6 +7,7 @@
   failed_when: false
   changed_when: false
   with_items: "{{ wordpress_installs }}"
+  no_log: true
   tags:
     - wordpress-core-is-downloaded
 
@@ -18,6 +19,7 @@
   changed_when: true
   with_items: "{{ _check_download.results | default([]) }}"
   when: item.rc != 0
+  no_log: true
   tags:
     - wordpress-core-downloaded
 
@@ -33,6 +35,7 @@
   args:
     creates: "{{ item.path }}/wp-config.php"
   with_items: "{{ wordpress_installs }}"
+  no_log: true
   tags:
     - wordpress-core-configure
 
@@ -44,6 +47,7 @@
   failed_when: false
   changed_when: false
   with_items: "{{ wordpress_installs }}"
+  no_log: true
   tags:
     - wordpress-core-is-installed
 
@@ -58,6 +62,7 @@
   changed_when: true
   with_items: "{{ _check_installation.results | default([]) }}"
   when: item.rc != 0
+  no_log: true
   tags:
     - wordpress-core-install
 
@@ -67,5 +72,6 @@
     --allow-root --no-color --path='{{ item.path }}'
   changed_when: false
   with_items: "{{ wordpress_installs }}"
+  no_log: true
   tags:
     - wordpress-core-install-check

tasks/options.yml

@@ -12,6 +12,7 @@
     - "{{ wordpress_installs }}"
     - options
   when: item.1.command == 'add'
+  no_log: true
   tags:
     - wordpress-options-add
 
@@ -26,6 +27,7 @@
     - "{{ wordpress_installs }}"
     - options
   when: item.1.command == 'update'
+  no_log: true
   tags:
     - wordpress-options-update
 
@@ -41,5 +43,6 @@
     - "{{ wordpress_installs }}"
     - options
   when: item.1.command == 'delete'
+  no_log: true
   tags:
     - wordpress-options-delete

tasks/plugins.yml

@@ -10,6 +10,7 @@
     - "{{ wordpress_installs }}"
     - plugins
   when: item.1
+  no_log: true
   tags:
     - wordpress-plugins-is-installed-plugin
 
@@ -24,6 +25,7 @@
     - not item.item.1.zip | default(false)
     - not item.item.1.url | default(false)
     - item.rc != 0
+  no_log: true
   tags:
     - wordpress-plugins-install-plugin
     - wordpress-plugins-install-plugin-wordpress_org
@@ -41,6 +43,7 @@
     - item.item.1.zip | default(false)
     - not item.item.1.url | default(false)
     - item.rc != 0
+  no_log: true
   tags:
     - wordpress-plugins-install-plugin
     - wordpress-plugins-install-plugin-zip
@@ -57,11 +60,13 @@
     - item.item.1.zip | default(false)
     - not item.item.1.url | default(false)
     - item.rc != 0
+  no_log: true
   tags:
     - wordpress-plugins-install-plugin
     - wordpress-plugins-install-plugin-zip
     - wordpress-plugins-install-plugin-zip-install
 
+
 - name: plugins | install | url
   ansible.builtin.command: >
     wp-cli --allow-root --no-color --path='{{ item.item.0.path }}'
@@ -73,6 +78,7 @@
     - not item.item.1.zip | default(false)
     - item.item.1.url | default(false)
     - item.rc != 0
+  no_log: true
   tags:
     - wordpress-plugins-install-plugin
     - wordpress-plugins-install-plugin-url
@@ -85,6 +91,7 @@
     - "{{ wordpress_installs }}"
     - plugins
   when: item.1.name
+  no_log: true
   tags:
     - wordpress-plugins-check-install-plugin
 
@@ -99,6 +106,7 @@
   when:
     - item.1.name
     - item.1.activate | default(true)
+  no_log: true
   tags:
     - wordpress-plugins-activate-plugin
 
@@ -113,5 +121,6 @@
   when:
     - item.1.name
     - not item.1.activate | default(true)
+  no_log: true
   tags:
     - wordpress-plugins-deactivate-plugin

tasks/queries.yml

@@ -10,5 +10,6 @@
   with_subelements:
     - "{{ wordpress_installs | selectattr('queries', 'defined') | list }}"
     - queries
+  no_log: true
   tags:
     - wordpress-queries-execute-queries

tasks/themes.yml

@@ -10,6 +10,7 @@
     - "{{ wordpress_installs }}"
     - themes
   when: item.1.name
+  no_log: true
   tags:
     - wordpress-themes-is-installed-theme
 
@@ -21,6 +22,7 @@
   when:
     - item.item.1.name
     - item.rc != 0
+  no_log: true
   tags:
     - wordpress-themes-install-theme
 
@@ -32,6 +34,7 @@
     - "{{ wordpress_installs }}"
     - themes
   when: item.1.name
+  no_log: true
   tags:
     - wordpress-themes-install-theme-check
 
@@ -46,5 +49,6 @@
   when:
     - item.1.name
     - item.1.activate | default(false)
+  no_log: true
   tags:
     - wordpress-themes-activate-theme

tasks/users.yml

@@ -10,6 +10,7 @@
   register: _check_copy_users
   with_items: "{{ wordpress_installs }}"
   when: item.users.src is defined
+  no_log: true
   tags:
     - wordpress-users-copy-file
 
@@ -24,5 +25,6 @@
   changed_when: "'Success' in _check_installation_users.stdout"
   with_items: "{{ _check_copy_users.results | default([]) }}"
   when: item.changed
+  no_log: true
   tags:
     - wordpress-users-import-file

tasks/wp-cron.yml

@@ -10,6 +10,7 @@
   when:
     - item.cron is defined
     - item.cron.use_crond | default(false)
+  no_log: true
   tags:
     - wordpress-wp-cron-disable-wp-cron
 
@@ -20,6 +21,7 @@
     state: absent
   with_items: "{{ wordpress_installs }}"
   when: item.cron is undefined or not item.cron.use_crond | default(false)
+  no_log: true
   tags:
     - wordpress-wp-cron-enable-wp-cron
 
@@ -36,5 +38,6 @@
     cron_file: wp-cron
     user: "{{ item.cron.user if item.cron is defined and item.cron.user is defined else 'www-data' }}"
   with_items: "{{ wordpress_installs }}"
+  no_log: true
   tags:
     - wordpress-wp-cron-enable-crond