diff --git a/ansible/.gitignore b/ansible/.gitignore
index 7694a07..4938ffd 100644
--- a/ansible/.gitignore
+++ b/ansible/.gitignore
@@ -9,3 +9,7 @@ roles/public/*
 #keep fodler holding ansible collections empty
 collections/*
 !README.md
+
+# Ignore all vaults
+playbooks/vars/vaults/*
+!playbooks/vars/vaults/README.md
diff --git a/ansible/playbooks/vars/vaults/README.md b/ansible/playbooks/vars/vaults/README.md
new file mode 100644
index 0000000..6716581
--- /dev/null
+++ b/ansible/playbooks/vars/vaults/README.md
@@ -0,0 +1,9 @@
+All vaulted files go here. They are not available in this repo.
+
+The default vault files currently expected:
+
+```
+encpass.yml
+rabbitmq_production.yml
+rabbitmq_staging.yml
+```
diff --git a/ansible/playbooks/vars/vaults/encpass.yml b/ansible/playbooks/vars/vaults/encpass.yml
deleted file mode 100644
index be2f325..0000000
--- a/ansible/playbooks/vars/vaults/encpass.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-# You must set this up using ansible-vault. Note that each var of a particular
-# group (eg ipa) should have its own vault password separate from the rest. The
-# passwords here should not be unlockable by one single password. It may be
-# beneficial instead to split out the various passwords into separate vars
-# files.
-ipaadmin_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-ipadm_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-ipa_binder_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-ipsilon_db_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-koji_db_pass: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-pubsub_federation_pass: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
-gitlab_db_pass: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- REDACTED
diff --git a/ansible/playbooks/vars/vaults/rabbitmq_production.yml b/ansible/playbooks/vars/vaults/rabbitmq_production.yml
deleted file mode 100644
index f59fec4..0000000
--- a/ansible/playbooks/vars/vaults/rabbitmq_production.yml
+++ /dev/null
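Review bot: Ignoring `playbooks/vars/vaults/*` in the ansible/.gitignore hunk keeps vault files out of future commits but does not touch what is already in history. The rabbitmq_production.yml and rabbitmq_staging.yml files deleted in this same commit carried `rabbitmq_cookie` as an unencrypted string (their own comment reads "This will need to be vaulted"), with the same value in both, and that value stays readable from earlier revisions. If it was ever deployed to a broker, it should be rotated rather than copied into the new local vault files, with distinct values for staging and production. The guidance from the deleted encpass.yml header is also lost, so I would widen the new comment to something like `# Ignore all vaults - create them locally with ansible-vault, one vault password per group; never commit plaintext`.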
@@ -1,4 +0,0 @@
----
-# This will need to be vaulted
-rabbitmq_admin_password: ThisIsNotThePassword!
-rabbitmq_cookie: "X4MYneML6Ppp+ajPuG/qdD64ZjdVT1OJF8XUG/o+"
diff --git a/ansible/playbooks/vars/vaults/rabbitmq_staging.yml b/ansible/playbooks/vars/vaults/rabbitmq_staging.yml
deleted file mode 100644
index f59fec4..0000000
--- a/ansible/playbooks/vars/vaults/rabbitmq_staging.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-# This will need to be vaulted
-rabbitmq_admin_password: ThisIsNotThePassword!
-rabbitmq_cookie: "X4MYneML6Ppp+ajPuG/qdD64ZjdVT1OJF8XUG/o+"