Browse Source

Add encrypted ansible variables

Show the encrypted variables:

$ ansible-vault decrypt --vault-password-file=./vault.pass --output=- vault_vars.yml

Decrypt in-place

$ ansible-vault decrypt --vault-password-file=./vault.pass vault_vars.yml

Encrypt:

$ ansible-vault encrypt --vault-password-file=./vault.pass vault_vars.yml
--
remove-logs
Andreas Linz 3 years ago
parent
commit
b35f91398b
4 changed files with 28 additions and 8 deletions
  1. +1
    -0
      .gitignore
  2. +4
    -2
      Makefile
  3. +2
    -6
      playbook.yml
  4. +21
    -0
      vault_vars.yml

+ 1
- 0
.gitignore View File

@ -1,2 +1,3 @@
/.vagrant/
/*.log
/vault.pass

+ 4
- 2
Makefile View File

@ -1,11 +1,12 @@
.PHONY: vm vagrant clean clean-all
APPS:=$(dir $(wildcard build/*/))
ANSIBLE_OPTS="--vault-password-file=./vault.pass"
all: vm
vm: playbook.yml Vagrantfile vagrant
ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook\
ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_OPTS)\
--extra-vars='var_domain="klingt.vnet"'\
--private-key='./.vagrant/machines/default/virtualbox/private_key'\
--inventory-file='./.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory'\
@ -13,7 +14,8 @@ vm: playbook.yml Vagrantfile vagrant
playbook.yml
klingt.net: playbook.yml Vagrantfile
ansible-playbook\
ansible-playbook $(ANSIBLE_OPTS)\
--vault-password-file='./vault.pass'\
--verbose\
playbook.yml

+ 2
- 6
playbook.yml View File

@ -7,18 +7,14 @@
- hosts: all
vars:
user_name: alinz
user_password: ThisIsInsecure
user_email: "{{ user_name }}@email-provider.com"
domain: "{{ var_domain | default('klingt.net') }}"
domain_version: unknown
db_password: ThisIsInsecure
gitea_db_password: ThisIsInsecure
gitea_admin_password: ThisIsInsecure
caddy_email: "{{ user_email }}"
caddy_restic_user: alinz
caddy_restic_password: ThisIsInsecure
jupyter_password: 'sha1:7ba04f8b7db3:b647b05c2e317857828f9f4fc929b08d485f9c76'
grafana_password: ThisIsInsecure
vars_files:
- vault_vars.yml
roles:
- common
- postgres

+ 21
- 0
vault_vars.yml View File

@ -0,0 +1,21 @@
$ANSIBLE_VAULT;1.1;AES256
61363031646631366533646363373138313536323739316538303839346339313832623563323336
6536336461656663396636353462363738633835616232610a626362633466613865343566366538
39646431633864353334343938346263383563336434356335616463316661656661666130306330
3264663936333066630a363263343965386632656263373137336337316233303430613436623133
32353266366265346334313161613135623537333432663035636433313938336438346536386134
62313234633563323163363030333039656136373966333363613461373639663038333364353564
62343662363161343163306563333464663065646336363461636339666137313936373334636162
62393838376466623765633065633031663562313630353831623831666335306364366366643130
36393237323031666535633461656164323536316564323865313264323562623765633961383163
31623664356432333961313163643139353663623437356337356162303464613662356365636162
31393865383736396433343961353062303161386331623032643139373639623834643835626433
34316266366335393132393937623336386431363933633364623033633737366365306663386661
64376362366632343735336438323530633434653632396661656537313966376631303862383035
34613830336136636539343061373332363363396663313030633235646635373332333138323636
32306563316465306464666365663963326537613264646462363232363939353865633861333231
66666463323964303235373061653230616435613730306463646166376236363330666362313538
36396462653166313961313030613735636235636437333638306664643935666131653732356431
33363664356331613033313965323332323332383064613664653135623964363532343838363461
30656132333038656666323934653732336239643433306466386235303336363737613530383161
33343761373939626565

Loading…
Cancel
Save