systemli / ansible-role-jitsi-meet

Ansible role to install & configure Jitsi Meet
GNU General Public License v3.0

generate random secrets by default #6

Closed mdik closed 3 years ago

mdik commented 4 years ago

this generates and stores these passwords on the user's computer in plaintext by default, but i think this is still preferable to public default passwords.

t2d commented 4 years ago

I think you should set the encrypt option, if you use the password lookup plugin. Storing passwords in plain text shouldn't be the default behavior.

funkyfuture commented 4 years ago

imo the secrets shouldn't be defaulted at all so that the role fails when these values aren't defined.

funkyfuture commented 4 years ago

please ignore my previous, ignorant comment. regarding the recently discussed approach, i wonder whether it would be sufficient to derive the secrets from the inventory hostname, e.g.:

jitsi_meet_videobridge_secret: "{{ 'videobridge secret' | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) | truncate(32) }}"
jitsi_meet_videobridge_muc_nickname: "{{ 'videobridge nickname' | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) | to_uuid }}"

i haven't tested that, but merely copied from here and adapted.

that approach should solve #11.

btw, ascii_letters provides a broader pool of potential characters than hexdigits.
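Added example, not part of the thread or of the role's code: a Python sketch of the two trade-offs discussed above, namely the size of the character pool (hexdigits vs. ascii_letters) and what it means for a secret to be derived only from the inventory hostname. It illustrates the general principle with Python's own PRNG and does not reproduce Ansible's filters; the function names and the hostname `meet.example.org` are assumptions made for the illustration.

```python
import math
import random
import secrets
import string


def pool_entropy_bits(alphabet: str, length: int) -> float:
    """Entropy in bits of a uniformly random string of `length` over `alphabet`."""
    return length * math.log2(len(set(alphabet)))


def random_secret(alphabet: str, length: int = 32) -> str:
    """Secret drawn from the OS CSPRNG. Unpredictable, so it has to be
    stored somewhere (vault, encrypted file) to stay stable between runs."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def hostname_derived_secret(hostname: str, alphabet: str, length: int = 32) -> str:
    """Idempotent 'secret' whose only input is the hostname.
    Nothing needs to be stored, but anyone who knows the hostname and
    the derivation recipe can recompute exactly the same value."""
    rng = random.Random(hostname)  # seeded, fully deterministic PRNG
    return "".join(rng.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    host = "meet.example.org"  # constructed sample hostname

    # string.hexdigits holds 22 characters (0-9, a-f, A-F); ascii_letters 52.
    for name in ("hexdigits", "ascii_letters"):
        alphabet = getattr(string, name)
        bits = pool_entropy_bits(alphabet, 32)
        print(f"{name:14s} pool={len(alphabet):2d} entropy(32 chars)={bits:.1f} bits")

    # Two independent runs of the hostname-seeded derivation agree ...
    first = hostname_derived_secret(host, string.ascii_letters)
    second = hostname_derived_secret(host, string.ascii_letters)
    print("hostname-derived values identical:", first == second)

    # ... while CSPRNG output differs on every call.
    a = random_secret(string.ascii_letters)
    b = random_secret(string.ascii_letters)
    print("CSPRNG values identical:", a == b)
```

The entropy figures only apply to `random_secret`; the hostname-derived value has no more secrecy than the hostname and the recipe themselves.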