# Ansible Vault Secrets

This directory stores encrypted secrets used by playbooks.

## Setup

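1. Create a password file (excluded from git):

```bash
# Create the file owner-only from the start, so the password is never
# readable by other users between the write and the chmod.
(umask 077; echo "your-vault-password" > ansible_vault_pass)
chmod 600 ansible_vault_pass
```
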
2. Create the secrets file:

```bash
ansible-vault create secrets.yml --vault-password-file ansible_vault_pass
```

3. Add your secrets (example structure):

```yaml
# Valkey admin password (used by valkey.yml)
valkey_admin_password: "your-strong-password"

# Vault admin database password (used by data-service.yml)
vault_admin_password: "your-vault-admin-password"
```
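
A check for the three properties the setup steps rely on (an encrypted `secrets.yml`, an owner-only password file, and a password file that git ignores), as an added example that is not part of this repository. `check_vault_dir` is a hypothetical helper and the demo files are constructed.

```bash
#!/usr/bin/env bash
# Added example: audit a vault directory laid out as in this README.
# check_vault_dir is a hypothetical helper; it prints one line per problem
# and returns the number of problems found (0 = clean).
check_vault_dir() {
  local dir="$1" bad=0 header=""
  local pass="$dir/ansible_vault_pass" secrets="$dir/secrets.yml"

  # 1. secrets.yml must be encrypted: ansible-vault output begins with a
  #    "$ANSIBLE_VAULT;<format version>;<cipher>" header line.
  if [ -f "$secrets" ]; then
    IFS= read -r header < "$secrets" || true
    case "$header" in
      '$ANSIBLE_VAULT;'*) ;;
      *) echo "PLAINTEXT: $secrets lacks the \$ANSIBLE_VAULT header"
         bad=$((bad + 1)) ;;
    esac
  else
    echo "MISSING: $secrets"; bad=$((bad + 1))
  fi

  if [ -f "$pass" ]; then
    # 2. No group/other permission bits on the password file (chmod 600).
    if [ "$(ls -ld "$pass" | cut -c5-10)" != "------" ]; then
      echo "PERMS: $pass is accessible to group or others"; bad=$((bad + 1))
    fi
    # 3. Inside a git work tree, check-ignore fails when the file is tracked
    #    or when no ignore rule matches it.
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       ! git -C "$dir" check-ignore -q ansible_vault_pass; then
      echo "GIT: $pass is tracked or not ignored"; bad=$((bad + 1))
    fi
  fi
  return "$bad"
}

# Constructed demo: throwaway directory with a plaintext secrets.yml and a
# world-readable password file; both problems are reported.
demo=$(mktemp -d)
printf 'valkey_admin_password: "x"\n' > "$demo/secrets.yml"
printf 'placeholder\n' > "$demo/ansible_vault_pass"
chmod 644 "$demo/ansible_vault_pass"
check_vault_dir "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

Called as `check_vault_dir vault` from the repository root, the non-zero return value makes it usable as a pre-commit or CI gate.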

## Usage

Reference in playbooks:

```yaml
vars_files:
  - ../vault/secrets.yml
```

Run playbooks with the vault password file:

```bash
ansible-playbook -i inventory.ini playbooks/valkey.yml --vault-password-file vault/ansible_vault_pass
```

Or set the environment variable:

```bash
export ANSIBLE_VAULT_PASSWORD_FILE=vault/ansible_vault_pass
ansible-playbook -i inventory.ini playbooks/valkey.yml
```