feat: add ability to toggle 'no_log' property on tailscale up task

README.md

@@ -59,6 +59,16 @@ Helpful when packaging up a Tailscale installation into a build process such as
 
 ## Optional
 
+### insecurely_log_authkey
+
+**Default**: `false`
+
+If set to `true`, the "Bring Tailscale Up" command will not mask any failing output message.
+The authkey is not logged in successful task completions.
+Since the authkey is printed to the console if the task fails, [no_log](https://docs.ansible.com/ansible/latest/reference_appendices/logging.html#protecting-sensitive-data-with-no-log) is enabled by default on the task.
+
+If you are encountering an error bringing Tailscale up and want the "Bring Tailscale Up" task to log details on the error, set this variable to `true`.
+
 ### force
 
 **Default**: `false`

defaults/main.yml

@@ -14,3 +14,7 @@ force: false
 # Whether to use the stable or unstable upstream Tailscale build.
 # Strongly recommend to leave on 'stable' unless you know what you're doing
 release_stability: stable
+# Whether to log your Tailscale authkey in the event of some error with the "Bring Tailscale Up" command.
+# Since this value is sensitive, log output is disabled by default.
+# You can easily toggle this value by setting this variable to "true".
+insecurely_log_authkey: false

tasks/main.yml

@@ -104,8 +104,8 @@
   # The command module cannot use | ; &
   # So we are ok not quoting the variables
   command: tailscale up --authkey={{ tailscale_auth_key }} {{ tailscale_args | default() }}
-  # Since the auth key is included in this task, we do not want to log output
-  no_log: true
+  # Since the auth key is included in this task's output, we do not want to log output
+  no_log: "{{ not (insecurely_log_authkey | bool) }}"
   register: tailscale_start
   when: >
     force | bool or