From 137caed836ef096945086cfe75dc11587b68db3a Mon Sep 17 00:00:00 2001
From: Brian Coca <bcoca@users.noreply.github.com>
Date: Fri, 3 Apr 2020 15:01:34 -0400
Subject: document danger of kubectl options (#68195)

---
 lib/ansible/plugins/connection/kubectl.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/ansible/plugins/connection/kubectl.py b/lib/ansible/plugins/connection/kubectl.py
index 063d38d437..a5f43f11f7 100644
--- a/lib/ansible/plugins/connection/kubectl.py
+++ b/lib/ansible/plugins/connection/kubectl.py
@@ -65,6 +65,7 @@ DOCUMENTATION = """
       kubectl_extra_args:
         description:
           - Extra arguments to pass to the kubectl command line.
+          - Please be aware that this passes information directly on the command line and it could expose sensitive data.
         default: ''
         vars:
           - name: ansible_kubectl_extra_args
@@ -108,6 +109,8 @@ DOCUMENTATION = """
       kubectl_password:
         description:
           - Provide a password for authenticating with the API.
+          - Please be aware that this passes information directly on the command line and it could expose sensitive data.
+            We recommend using the file based authentication options instead.
         default: ''
         vars:
           - name: ansible_kubectl_password
@@ -116,6 +119,8 @@ DOCUMENTATION = """
       kubectl_token:
         description:
           - API authentication bearer token.
+          - Please be aware that this passes information directly on the command line and it could expose sensitive data.
+            We recommend using the file based authentication options instead.
         vars:
           - name: ansible_kubectl_token
           - name: ansible_kubectl_api_key
-- 
cgit v1.2.1