Hi. First, executing the license task without license url has been fixed and the change was merged a couple days ago. Second, it is an Ansible behavior to print out the command (which contains password in cleartext) when the task failed.
Possible solution that comes to my mind: wrap how we run the ansible playbook within a script so that we can capture the Ansible output before it makes to stdout and filter those password. So not run Ansible in the entrypoint. What do you guys think?