Closed mdik closed 3 years ago
I think you should set the encrypt
optionn, if you use the password lookup plugin. Storing passwords in plain text shouldn't be the default behavior.
imo the secrets shouldn't be defaulted at all so that the role fails when these values aren't defined.
please ignore my previous, ignorant comment. regarding the recently discussed approach, i wonder whether it would be sufficient to derive the secrets from the inventory hostname, e.g.:
jitsi_meet_videobridge_secret: "{{ 'videobridge secret' | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) | truncate(32) }}"
jitsi_meet_videobridge_muc_nickname: "{{ 'videobridge nickname' | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) | to_uuid }}"
i haven't tested that, but merely copied from here and adapted.
that approach should solve #11.
btw, ascii_letters
provides a broader pool of potential characters than hexdigits
.
this generate and store these passwords on the users computer in plaintext by default, but i think this is still preferable to public default passwords.