# Ansible Vault Secrets

This directory stores encrypted secrets used by playbooks.

## Setup

1. Create a password file (excluded from git):
   ```bash
   echo "your-vault-password" > ansible_vault_pass
   chmod 600 ansible_vault_pass
   ```

2. Create the secrets file:
   ```bash
   ansible-vault create secrets.yml --vault-password-file ansible_vault_pass
   ```

3. Add your secrets (example structure):
   ```yaml
   # Valkey admin password (used by valkey.yml)
   valkey_admin_password: "your-strong-password"

   # Vault admin database password (used by data-service.yml)
   vault_admin_password: "your-vault-admin-password"
   ```

## Usage

Reference in playbooks:
```yaml
vars_files:
  - ../vault/secrets.yml
```

Run playbooks with vault password:
```bash
ansible-playbook -i inventory.ini playbooks/valkey.yml --vault-password-file vault/ansible_vault_pass
```

Or set the environment variable:
```bash
export ANSIBLE_VAULT_PASSWORD_FILE=vault/ansible_vault_pass
ansible-playbook -i inventory.ini playbooks/valkey.yml
```