1 files changed, 45 insertions, 0 deletions

diff --git a/src/ansiblelint/rules/no_log_password.md b/src/ansiblelint/rules/no_log_password.md
new file mode 100644
index 0000000..579dd11
--- /dev/null
+++ b/src/ansiblelint/rules/no_log_password.md
@@ -0,0 +1,45 @@
+# no-log-password
+
+This rule ensures playbooks do not write passwords to logs when using loops.
+Always set the `no_log: true` attribute to protect sensitive data.
+
+While most Ansible modules mask sensitive data, using secrets inside a loop can result in those secrets being logged.
+Explicitly adding `no_log: true` prevents accidentally exposing secrets.
+
+## Problematic Code
+
+```yaml
+---
+- name: Example playbook
+  hosts: localhost
+  tasks:
+    - name: Log user passwords
+      ansible.builtin.user:
+        name: john_doe
+        comment: John Doe
+        uid: 1040
+        group: admin
+        password: "{{ item }}"
+      with_items:
+        - wow
+      no_log: false # <- Sets the no_log attribute to false.
+```
+
+## Correct Code
+
+```yaml
+---
+- name: Example playbook
+  hosts: localhost
+  tasks:
+    - name: Do not log user passwords
+      ansible.builtin.user:
+        name: john_doe
+        comment: John Doe
+        uid: 1040
+        group: admin
+        password: "{{ item }}"
+      with_items:
+        - wow
+      no_log: true # <- Sets the no_log attribute to a non-false value.
+```