Bug 2244213 - sos: Ansible Automation Platform collects customer passwords and tokens via sosreport
Keywords:
Status: NEW
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2244214
Blocks: 2244215
Reported: 2023-10-14 16:54 UTC by Nick Tait
Modified: 2024-02-07 13:14 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Nick Tait 2023-10-14 16:54:24 UTC
When working with customer cases many Red Hat support employees regularly make use of a tool called "SOS report" [1]. This tool gathers various files that may be of interest to the supporter working a specific case to troubleshoot a customer issue.

Developers of this tool aim to obfuscate/remove all secrets, passwords and tokens that are present in these files. Unfortunately, we have been gathering the passwords of customers that are running Ansible Automation Platform on RHEL (possibly OpenShift too) for quite a while now.

The list of known erroneously gathered passwords/tokens/secrets is below. There may be others that have not yet been identified.
- Database password
- LDAP bind password
- Broadcast secret (Ansible Automation Platform specific)
- Email password (if notifications are enabled within the Ansible Automation Platform)

A fix is already in place upstream for both the Ansible Automation Platform Controller [2] and Ansible Automation Hub [3], which are both components of the Ansible Automation Platform.

[1]: https://access.redhat.com/solutions/3592
[2]: https://github.com/ansible/awx/pull/14557
[3]: https://github.com/sosreport/sos/pull/3379
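
As an added illustration (not part of this bug report and not the sos project's or AWX's own code), the following Python snippet shows the kind of value scrubbing the report says the upstream fixes add: it masks the quoted values of any setting whose name ends in PASSWORD, SECRET or TOKEN in a Django-style settings fragment, which is the form in which the four items listed above (database, LDAP bind, broadcast and e-mail passwords) are stored on a controller host, and then re-checks the scrubbed text for any known secret that survived. The sample settings text, its values, the /etc/tower/conf.d/ layout and the key names are constructed assumptions for this example and are not taken from the page.

```python
import re

# Constructed sample in the shape of a Django-style settings fragment such as
# the AAP controller keeps under /etc/tower/conf.d/ (values are made up; the
# key names are assumed to be the usual Django / django-auth-ldap / AWX ones).
SAMPLE_SETTINGS = """\
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'awx',
        'USER': 'awx',
        'PASSWORD': 'pg-secret-123',
        'HOST': '127.0.0.1',
        'PORT': '5432',
    }
}
AUTH_LDAP_BIND_DN = "cn=svc,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "ldap-bind-456"
BROADCAST_WEBSOCKET_SECRET = 'bcast-789'
EMAIL_HOST = 'smtp.example.com'
EMAIL_HOST_PASSWORD = 'mail-000'
"""

# The constructed secrets above, used for the post-scrub check.
SAMPLE_SECRETS = ["pg-secret-123", "ldap-bind-456", "bcast-789", "mail-000"]

# A setting (quoted dict key or bare assignment) whose name ends in PASSWORD,
# SECRET or TOKEN, followed by ':' or '=' and a quoted value. The value is
# captured lazily so it stops at the matching quote character.
_SENSITIVE = re.compile(
    r"""(?P<key>['"]?\b\w*(?:PASSWORD|SECRET|TOKEN)\b['"]?\s*[:=]\s*)"""
    r"""(?P<quote>['"])(?P<value>.*?)(?P=quote)""",
    re.IGNORECASE,
)


def redact_settings(text, mask="********"):
    """Return text with every sensitive quoted value replaced by mask.

    Non-sensitive settings (hosts, user names, bind DNs, ports) are left
    intact so the collected file stays useful for troubleshooting.
    """
    def _mask(m):
        return f"{m.group('key')}{m.group('quote')}{mask}{m.group('quote')}"
    return _SENSITIVE.sub(_mask, text)


def leaked_values(text, secrets):
    """Return the subset of known secret values still present in text.

    Run this over a scrubbed file (or an unpacked archive) before it leaves
    the host; an empty list means none of the listed values survived.
    """
    return [s for s in secrets if s in text]


def count_redactions(text, mask="********"):
    """Count how many quoted values carry the mask, as a quick sanity check."""
    return text.count(f"'{mask}'") + text.count(f'"{mask}"')


if __name__ == "__main__":
    scrubbed = redact_settings(SAMPLE_SETTINGS)
    print(scrubbed)
    print("masked values:", count_redactions(scrubbed))
    print("leaked:", leaked_values(scrubbed, SAMPLE_SECRETS))
```

The match is keyed on the setting name rather than on the value, so the scrubber does not need to know the secrets in advance; the `leaked_values` pass is the complementary check for the case where a site stores a credential under a name the pattern does not cover, which is exactly how the four items in this report went unnoticed.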

Comment 1 Nick Tait 2023-10-14 16:56:07 UTC
Created sos tracking bugs for this issue:

Affects: fedora-all [bug 2244214]

