From 9cca9a9c108124b56cd9e90130bf5ea02e3464be Mon Sep 17 00:00:00 2001
From: Christian Fetzer <fetzer.ch@gmail.com>
Date: Thu, 5 Apr 2018 20:08:30 +0200
Subject: [PATCH] docs: Document disabling diff on task level (#37998)

* docs: Document disabling diff on task level

Tasks that deal with secrets may leak sensitive information when
running in Check Mode. This change updates the documentation explaining
that the diff can be deactivated on task level.

The feature was requested in #14860 and got introduced in Ansible 2.4
with #28581.

* Updated for clarity
---
 .../rst/user_guide/playbooks_checkmode.rst        | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/docs/docsite/rst/user_guide/playbooks_checkmode.rst b/docs/docsite/rst/user_guide/playbooks_checkmode.rst
index 6123e0c6fa..9eee4e4425 100644
--- a/docs/docsite/rst/user_guide/playbooks_checkmode.rst
+++ b/docs/docsite/rst/user_guide/playbooks_checkmode.rst
@@ -98,3 +98,18 @@ Since the diff feature produces a large amount of output, it is best used when c
 
     ansible-playbook foo.yml --check --diff --limit foo.example.com
 
+.. versionadded:: 2.4
+
+The ``--diff`` option can reveal sensitive information. This option can disabled for tasks by specifying ``diff: no``. 
+
+Example::
+
+  tasks:
+    - name: this task will not report a diff when the file changes
+      template:
+        src: secret.conf.j2
+        dest: /etc/secret.conf
+        owner: root
+        group: root
+        mode: '0600'
+      diff: no