[security] hcloud_certificate, hcloud_server: define no_log values fo…

…r private_key and ssh_keys parameters (#70)

* hcloud_certificate, hcloud_server: define no_log values for private_key and ssh_keys parameters

* Add changelog fragment

changelogs/fragments/70-no_log_security_fixes.yml

@@ -0,0 +1,2 @@
+security_fixes:
+- hcloud_certificate - mark the ``private_key`` parameter as ``no_log`` to prevent potential leaking of secret values (https://github.com/ansible-collections/hetzner.hcloud/pull/70).

plugins/modules/hcloud_certificate.py

@@ -232,7 +232,7 @@ def define_module():
                 id={"type": "int"},
                 name={"type": "str"},
                 certificate={"type": "str"},
-                private_key={"type": "str"},
+                private_key={"type": "str", "no_log": True},
                 labels={"type": "dict"},
                 state={
                     "choices": ["absent", "present"],

plugins/modules/hcloud_server.py

@@ -563,7 +563,7 @@ def define_module():
                 location={"type": "str"},
                 datacenter={"type": "str"},
                 user_data={"type": "str"},
-                ssh_keys={"type": "list", "elements": "str"},
+                ssh_keys={"type": "list", "elements": "str", "no_log": False},
                 volumes={"type": "list", "elements": "str"},
                 firewalls={"type": "list", "elements": "str"},
                 labels={"type": "dict"},