Open JMLX42 opened 3 years ago
Relevant official documentation: https://docs.ansible.com/ansible/2.9/user_guide/vault.html
Relevant tutorial (in French): https://blog.stephane-robert.info/post/ansible-vault/
@JMLX42 I can start to setup ansible-vault:
LAPRIMAIRE_2022_SSH_KEY
, has it been replaced?)
(We would still have the env var lookups, if we need them at some point, but the default values would be protected)Then you can:
Then I can use the GitHub encrypted-secret to do #3.
Have I missed something?
I did miss something: the ansible-vault password will be required to provision a VM locally so the devs will need to be able to access it.
I guess we could use groups inventories, dev
and prod
for example where dev
uses the current un-encrypted default values and prod
uses the new encrypted values.
Edit: inventories may be more appropriate inventaires Ansible (FR).
LAPRIMAIRE_2022_SSH_KEY
GHOST_DATABASE_USER
GHOST_DATABASE_PASSWORD
MATOMO_DATABASE_ROOT_PASSWORD
MATOMO_DATABASE_PASSWORD
MATOMO_PASSWORD
DISCOURSE_POSTGRESQL_PASSWORD
DISCOURSE_SMTP_PASSWORD
DISCOURSE_REDIS_PASSWORD
GRAFANA_ADMIN_PASSWORD