'[sysadmin/kde-ansible] host_vars: Use best practices for indirection in vault'ed variable names.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    [sysadmin/kde-ansible] host_vars: Use best practices for indirection in vault'ed variable names.
From:       Nicolás_Alvarez <null () kde ! org>
Date:       2017-08-01 2:14:28
Message-ID: E1dcMhY-0004Hp-E3 () code ! kde ! org
[Download RAW message or body]

Git commit e7ef5d2dfeb8b39dd0d687334d0c7ec73483d2de by Nicol=C3=A1s Alvarez.
Committed on 01/08/2017 at 02:09.
Pushed by nalvarez into branch 'master'.

Use best practices for indirection in vault'ed variable names.

Instead of having a 'secret' variable in a vault-encrypted file, put
'vault_secret' in the encrypted file and a plaintext vars file with
secret: "{{vault_secret}}". This allows grepping for the variable name
without having to decrypt.

M  +1    -0    host_vars/identity.kde.org/vars.yml
M  +6    -6    host_vars/identity.kde.org/vault.yml
A  +1    -0    host_vars/olios.kde.org/vars.yml
M  +7    -6    host_vars/olios.kde.org/vault.yml

https://commits.kde.org/sysadmin/kde-ansible/e7ef5d2dfeb8b39dd0d687334d0c7e=
c73483d2de

diff --git a/host_vars/identity.kde.org/vars.yml b/host_vars/identity.kde.o=
rg/vars.yml
index f8c6e6c..a3254a8 100644
--- a/host_vars/identity.kde.org/vars.yml
+++ b/host_vars/identity.kde.org/vars.yml
@@ -1,3 +1,4 @@
 ---
 backup_directory: backup
 hetzner_backup_host: saba
+mysql_root_password: "{{vault_mysql_root_password}}"
diff --git a/host_vars/identity.kde.org/vault.yml b/host_vars/identity.kde.=
org/vault.yml
index 9116624..561f28d 100644
--- a/host_vars/identity.kde.org/vault.yml
+++ b/host_vars/identity.kde.org/vault.yml
@@ -1,7 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
-36393063306439353563396237343263643238656537656134653662306130303164306363=
343462
-3332313537373033636337623936656665336362666266340a636233653235353538623435=
353836
-63383463376333393466653662346238613665613135343165666439633438383130623634=
376431
-3366326434623331620a373563616264333235303365343139656263363166373563623539=
386236
-34373466626562353362333935363931323466303536383639313339383137376433396439=
623066
-6132626435326431623132633961366533316162393066666561
+30303131343566356439366635323630306133643836626437313931626237326333613134=
613565
+6161326266383437366135663063363533353762363237330a633762363835616664393964=
306635
+63326239633739623030363763383266313530313563313136666464383133316433323861=
666332
+3062343734376632380a323230316664623432353262396663626266363736336236663265=
333334
+33303938663630363631383934306436656431326438363864636330326338316235616466=
343934
+6339653938663366663437316635656536623662356562643536
diff --git a/host_vars/olios.kde.org/vars.yml b/host_vars/olios.kde.org/var=
s.yml
new file mode 100644
index 0000000..e330da2
--- /dev/null
+++ b/host_vars/olios.kde.org/vars.yml
@@ -0,0 +1 @@
+mysql_passwords: "{{vault_mysql_passwords}}"
diff --git a/host_vars/olios.kde.org/vault.yml b/host_vars/olios.kde.org/va=
ult.yml
index 23ca5d5..8961404 100644
--- a/host_vars/olios.kde.org/vault.yml
+++ b/host_vars/olios.kde.org/vault.yml
@@ -1,7 +1,8 @@
 $ANSIBLE_VAULT;1.1;AES256
-33663765306665613962323435316264626437306163613064336636613930643835633936=
613739
-6430323331373835376430333234666564346461663361630a626231366565663366363166=
363031
-65376264313165326133373638633364383864346435323465653835356437383132343032=
613662
-3866306462313437340a303664373430393132393133383734386365353562316333656664=
336561
-36663364313833643130643835653833636163353264633465313239323830646661313235=
666562
-3537393433383666626461396334663434643134376531376438
+61323533643661626261613035626131656466313138373737366165666538306366303263=
626330
+3335613837373465663938343933663166383431306337350a306438346234313738393639=
316133
+66343265303138313136323635313731373065346436383838613534613537613563373439=
663531
+6233643732653433650a353262333037616166323138356565656130363734616135323463=
386439
+35343237653338373530393335306265323666343438656439353831613535356137313764=
613938
+34363964646333636636306536303034326334636236363762316535393161383031356361=
323432
+303361653739663864323336346532636235
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic