One of Ansible's strengths is the fact that its 'agentless' architecture uses SSH for control of remote servers. And one classic problem in remote Git administration is authentication; if you're cloning a private Git repository that requires authentication, how can you do this while also protecting your own private SSH key (by not copying it to the remote server)?
As an example, here's a task that clones a private repository to a particular folder:
- name: Clone a private repository into /opt.
# ssh-agent doesn't allow key to pass through remote sudo commands.
If you run this task, you'll probably end up with something like: