docs(changelog): version 1.7.0 [citest_skip]

.README.html

@@ -161,6 +161,8 @@ <h1 class="toc-title">Contents</h1>
 id="toc-postgresql_input_file">postgresql_input_file</a></li>
 <li><a href="#postgresql_server_tuning"
 id="toc-postgresql_server_tuning">postgresql_server_tuning</a></li>
+<li><a href="#postgresql_secure_logging"
+id="toc-postgresql_secure_logging">postgresql_secure_logging</a></li>
 </ul></li>
 <li><a href="#idempotence" id="toc-idempotence">Idempotence</a>
 <ul>
@@ -294,6 +296,19 @@ <h2 id="postgresql_server_tuning">postgresql_server_tuning</h2>
 independent of the actual deployment.</p>
 <p>See the <a href="examples"><code>examples/</code></a> for
 details.</p>
+<h2 id="postgresql_secure_logging">postgresql_secure_logging</h2>
+<p>If <code>true</code>, suppress potentially sensitive output from
+tasks that handle credentials, secrets, and other sensitive data by
+setting <code>no_log: true</code> on those tasks. This prevents
+passwords, API tokens, private keys, and similar sensitive information
+from appearing in Ansible logs and console output.</p>
+<p>If you need to debug issues with credential handling or secret
+management, you can temporarily set
+<code>postgresql_secure_logging: false</code> to see the full output
+from these tasks. However, be aware that this may expose sensitive
+information in logs, so it should only be used in development or
+troubleshooting scenarios.</p>
+<p>Default: <code>true</code></p>
 <h1 id="idempotence">Idempotence</h1>
 <p>This section should cover role behavior for repeated runs.</p>
 <h2 id="password-change">Password change</h2>

CHANGELOG.md

@@ -1,6 +1,17 @@
 Changelog
 =========
 
+[1.7.0] - 2026-05-07
+--------------------
+
+### New Features
+
+- feat: new variable `postgresql_secure_logging` defaulting to `true` (#184)
+
+### Other Changes
+
+- ci: bump actions/github-script from 8 to 9 (#183)
+
 [1.6.0] - 2026-04-28
 --------------------