Library to clean up Ansible tasks from any Personally Identifiable Information (PII)
- Free software: Apache Software License 2.0
- Credit Card number
- email address
- IP address
- MAC address
- US SSN
- US phone number
- YAML comment
- password value, when the field name is identified as being sensitive
- user name from home directory path
The library can be used to remove the PII from a multi level structure:
from ansible_anonymizer.anonymizer import anonymize_struct
example = [{"name": "foo bar", "email": "my-email@address.com"}]
anonymize_struct(example)
# [{'name': 'foo bar', 'email': 'noah2@example.com'}]But you can also anonymize a block of text:
from ansible_anonymizer.anonymizer import anonymize_text_block
some_text = """
- name: a task
a_module:
secret: foobar
"""
anonymize_text_block(some_text)
# '\n- name: a task\n a_module:\n secret: "{{ secret }}"\n'You can also use the ansible-anonymizer command:
ansible-anonymizer my-secret-fileBy default, the variables are anonymized with a string based on the name of the field.
You can customize it with the value_template parameter:
from ansible_anonymizer.anonymizer import anonymize_struct
from string import Template
original = {"password": "$RvEDSRW#R"}
value_template = Template("_${variable_name}_")
anonymize_struct(original, value_template=value_template)
# {'password': '_password_'}anonymize_text_block()relies on its own text parser which only support a subset of YAML features. Because of this, it may not be able to identify some PII. When possible, useanonymize_structwhich accepts a Python structure instead.- The Anonymizer is not a silver bullet and it's still possible to see PII going through the filters.