Update to 2022-03-04 11:00

roles/phpmyadmin/tasks/facts.yml

@@ -35,3 +35,20 @@
         - pass_file: "{{pma_root_dir }}/meta/ansible_dbpass"
     - set_fact: pma_db_pass={{ rand_pass }}
   tags: pma
+
+- name: Encrypt SQL user passwords
+  command: php{{ pma_php_version }} -r "echo openssl_encrypt('{{ item.sql_password }}','aes-128-cbc','{{ pma_sso_encryption_token }}',0,substr(hash('sha256','{{ item.user }}'),0,16));"
+  register: pma_sso_users_encrypted
+  changed_when: False
+  loop: "{{ pma_sso_users | default([]) }}"
+  when: pma_sso_encryption_token is defined
+  tags: pma
+
+- name: Encrypt SQL group passwords
+  command: php{{ pma_php_version }} -r "echo openssl_encrypt('{{ item.sql_password }}','aes-128-cbc','{{ pma_sso_encryption_token }}',0,substr(hash('sha256','{{ item.group }}'),0,16));"
+  register: pma_sso_groups_encrypted
+  changed_when: False
+  loop: "{{ pma_sso_groups | default([]) }}"
+  when: pma_sso_encryption_token is defined
+  tags: pma
+

roles/phpmyadmin/tasks/install.yml

@@ -52,3 +52,12 @@
   when: db_created.changed
   tags: pma
 
+- name: Setup a cron job to cleanup expired sessions
+  cron:
+    name: phpmyadmin_{{ pma_id }}_session_cleanup
+    cron_file: phpmyadmin
+    user: "{{ pma_php_user }}"
+    job: "find {{ pma_root_dir }}/sessions -type f -mmin +480 -exec rm -f \"{}\" \\;"
+    special_time: hourly
+  tags: pma
+