From 8a8958b46cafbfefaeac3d7aa816f37e0b4a679c Mon Sep 17 00:00:00 2001
From: nazunalika <tucklesepk@gmail.com>
Date: Mon, 4 Jan 2021 13:19:24 -0700
Subject: [PATCH 1/3] ignoring vaults

---
 ansible/.gitignore                      | 4 ++++
 ansible/playbooks/vars/vaults/README.md | 1 +
 2 files changed, 5 insertions(+)
 create mode 100644 ansible/playbooks/vars/vaults/README.md

diff --git a/ansible/.gitignore b/ansible/.gitignore
index 7694a07..d5fa76b 100644
--- a/ansible/.gitignore
+++ b/ansible/.gitignore
@@ -9,3 +9,7 @@ roles/public/*
 #keep fodler holding ansible collections empty
 collections/*
 !README.md
+
+# Ignore all vaults
+vars/vaults/*
+!vars/vaults/README.md
diff --git a/ansible/playbooks/vars/vaults/README.md b/ansible/playbooks/vars/vaults/README.md
new file mode 100644
index 0000000..29ea259
--- /dev/null
+++ b/ansible/playbooks/vars/vaults/README.md
@@ -0,0 +1 @@
+All vaulted files go here. They are not available in this repo.

From abbfcad9099c7e1d2913265e65ff4e7cfa5a65dc Mon Sep 17 00:00:00 2001
From: nazunalika <tucklesepk@gmail.com>
Date: Mon, 4 Jan 2021 13:20:32 -0700
Subject: [PATCH 2/3] removing vaults

---
 ansible/playbooks/vars/vaults/encpass.yml     | 27 -------------------
 .../vars/vaults/rabbitmq_production.yml       |  4 ---
 .../vars/vaults/rabbitmq_staging.yml          |  4 ---
 3 files changed, 35 deletions(-)
 delete mode 100644 ansible/playbooks/vars/vaults/encpass.yml
 delete mode 100644 ansible/playbooks/vars/vaults/rabbitmq_production.yml
 delete mode 100644 ansible/playbooks/vars/vaults/rabbitmq_staging.yml

diff --git a/ansible/playbooks/vars/vaults/encpass.yml b/ansible/playbooks/vars/vaults/encpass.yml
deleted file mode 100644
index be2f325..0000000
--- a/ansible/playbooks/vars/vaults/encpass.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-# You must set this up using ansible-vault. Note that each var of a particular
-# group (eg ipa) should have its own vault password separate from the rest. The
-# passwords here should not be unlockable by one single password. It may be
-# beneficial instead to split out the various passwords into separate vars
-# files.
-ipaadmin_password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          REDACTED
-ipadm_password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          REDACTED
-ipa_binder_password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          REDACTED
-ipsilon_db_password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          REDACTED
-koji_db_pass: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          REDACTED
-pubsub_federation_pass: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          REDACTED
-gitlab_db_pass: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          REDACTED
diff --git a/ansible/playbooks/vars/vaults/rabbitmq_production.yml b/ansible/playbooks/vars/vaults/rabbitmq_production.yml
deleted file mode 100644
index f59fec4..0000000
--- a/ansible/playbooks/vars/vaults/rabbitmq_production.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-# This will need to be vaulted
-rabbitmq_admin_password: ThisIsNotThePassword!
-rabbitmq_cookie: "X4MYneML6Ppp+ajPuG/qdD64ZjdVT1OJF8XUG/o+"
diff --git a/ansible/playbooks/vars/vaults/rabbitmq_staging.yml b/ansible/playbooks/vars/vaults/rabbitmq_staging.yml
deleted file mode 100644
index f59fec4..0000000
--- a/ansible/playbooks/vars/vaults/rabbitmq_staging.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-# This will need to be vaulted
-rabbitmq_admin_password: ThisIsNotThePassword!
-rabbitmq_cookie: "X4MYneML6Ppp+ajPuG/qdD64ZjdVT1OJF8XUG/o+"

From 91caf03464ccfc30cd77038cc3cfe77779ed1f66 Mon Sep 17 00:00:00 2001
From: nazunalika <tucklesepk@gmail.com>
Date: Mon, 4 Jan 2021 13:25:16 -0700
Subject: [PATCH 3/3] fix gitignore for vaults

---
 ansible/.gitignore                      | 4 ++--
 ansible/playbooks/vars/vaults/README.md | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/ansible/.gitignore b/ansible/.gitignore
index d5fa76b..4938ffd 100644
--- a/ansible/.gitignore
+++ b/ansible/.gitignore
@@ -11,5 +11,5 @@ collections/*
 !README.md
 
 # Ignore all vaults
-vars/vaults/*
-!vars/vaults/README.md
+playbooks/vars/vaults/*
+!playbooks/vars/vaults/README.md
diff --git a/ansible/playbooks/vars/vaults/README.md b/ansible/playbooks/vars/vaults/README.md
index 29ea259..6716581 100644
--- a/ansible/playbooks/vars/vaults/README.md
+++ b/ansible/playbooks/vars/vaults/README.md
@@ -1 +1,9 @@
 All vaulted files go here. They are not available in this repo.
+
+The default vault files currently expected:
+
+```
+encpass.yml
+rabbitmq_production.yml
+rabbitmq_staging.yml
+```