fscotto/infra
1
0
Fork 0
mirror of https://github.com/fscotto/infra.git synced 2026-05-30 15:39:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prefer encrypted local Ansible vault password

Browse Source
This commit is contained in:
Fabio Scotto di Santolo
2026-04-03 10:54:48 +02:00
parent cf56aeb53d
commit cfc55af097
3 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
AGENTS.md
View File

@@ -53,7 +53,9 @@ ansible-galaxy collection install -r ansible/collections/requirements.yml
Vault handling:
- `secrets/vault.yml` is the shared encrypted vars file
- `secrets/vault.local.yml` is an optional machine-local encrypted override file and should stay untracked
- `secrets/.vault_pass` is an optional local password file; if absent, Ansible falls back to an interactive prompt via `scripts/vault_password_client.sh`
- `secrets/.vault_pass.gpg` is the preferred optional local vault password file; `scripts/vault_password_client.sh` decrypts it with `gpg`
- `secrets/.vault_pass` remains supported as a legacy local fallback if `.vault_pass.gpg` is absent
- if neither local file exists, Ansible falls back to an interactive prompt via `scripts/vault_password_client.sh`
Core validation from the repo root:
```bash