I'm working on an Ansible role to add clusters after they are configured to our AIQUM.
To add the cluster, I have to provide a username and a password in the REST call. This password is then plain in the communication and will be logged or could be sniffed. Even if I'm in our secure internal network area, I don't want to have plain passwords ;-).
My question is, is there a way to encrypt the password or tell AIQUM to use this (on UM stored) credential, certificate or SSH key for the connection?
I'm definitely not the foremost authority on Ansible (and perhaps someone else will chime in) but if your password data is contained within the body of your POST request, and the URL you specified is HTTPS, is it really being passed to the AIQUM server in plaintext?
I'm not 100% sure if any Active IQ Unified Manager/OCUM log would contain a plaintext POST request like that; however, here is a KB article with a list of the log locations and their descriptions that might be worth a look:
Since the password being posted is part of the POST payload and the connection is HTTPS, it is highly unlikely someone can sniff it. The passwords do not get logged in OCUM logs. We only log the request URL being called. You can find the logs under /var/logs/ocum/*.log. Specifically, you can take a look at access_log.log, where we keep all requests made to OCUM for auditing purposes.
There currently isn't a way to pass an encrypted password for adding a datasource.
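An added example, not part of the thread and not NetApp's code: an Ansible play that follows the points made above by sending the credentials only in the POST body over certificate-validated HTTPS, keeping them out of the URL (the part the replies say is logged), and suppressing them in Ansible's own output. The host name, API path, body field names, vault file layout and the use of basic auth towards AIQUM are all assumptions to be replaced with values from your API documentation.

```yaml
# Added example. All names, paths and body fields below are placeholders/assumptions.
- name: Add a configured cluster to AIQUM as a datasource
  hosts: localhost
  gather_facts: false
  vars_files:
    # Encrypted with ansible-vault so the passwords are not stored in plain text.
    # Assumed to define: aiqum_api_password, cluster_password
    - vault/aiqum.yml
  vars:
    aiqum_url: "https://aiqum.example.internal"        # placeholder host
    aiqum_add_cluster_path: "/REPLACE/WITH/API/PATH"   # placeholder, see your API docs
    aiqum_api_user: "REPLACE_ME"                       # placeholder
    cluster_address: "cluster1.example.internal"       # placeholder
    cluster_user: "REPLACE_ME"                         # placeholder

  tasks:
    - name: POST the cluster credentials in the request body only
      ansible.builtin.uri:
        # No credentials in the URL or query string: the URL is what ends up in access logs.
        url: "{{ aiqum_url }}{{ aiqum_add_cluster_path }}"
        method: POST
        # HTTPS only protects the body if the server certificate is actually verified.
        validate_certs: true
        # Assumption: the API accepts HTTP basic auth for the calling user.
        url_username: "{{ aiqum_api_user }}"
        url_password: "{{ aiqum_api_password }}"
        force_basic_auth: true
        body_format: json
        body:
          # Hypothetical field names; match them to the API schema.
          address: "{{ cluster_address }}"
          username: "{{ cluster_user }}"
          password: "{{ cluster_password }}"
        status_code: [200, 201, 202]
      # Keeps the task arguments and result (including the body) out of
      # Ansible's console output, -v output and any configured log_path.
      no_log: true
      register: add_cluster_result

    - name: Report only the HTTP status, never the request
      ansible.builtin.debug:
        msg: "AIQUM responded with HTTP {{ add_cluster_result.status }}"
```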