|
@@ -1 +1,58 @@ |
|
|
--- |
|
|
--- |
|
|
|
|
|
secrets_generators: |
|
|
|
|
|
- password |
|
|
|
|
|
#- xkcd |
|
|
|
|
|
|
|
|
|
|
|
secrets_stores: |
|
|
|
|
|
- facts |
|
|
|
|
|
- local_facts |
|
|
|
|
|
|
|
|
|
|
|
secrets_set: |- |
|
|
|
|
|
{ |
|
|
|
|
|
{% for secret_name in secrets_definitions.keys() %} |
|
|
|
|
|
{% set secrets_definition = secrets_definitions[secret_name] %} |
|
|
|
|
|
{% set password_length = secrets_definition.password_length | default(secrets_default_password_length) | string %} |
|
|
|
|
|
{% set password_chars = secrets_definition.password_chars|default(secrets_default_password_chars) %} |
|
|
|
|
|
{{secret_name|to_json}}: |
|
|
|
|
|
{{ lookup('password', '/dev/null length='+password_length+' chars='+password_chars ) | to_json }} |
|
|
|
|
|
, |
|
|
|
|
|
{% endfor %} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
secrets_reset: |- |
|
|
|
|
|
{ |
|
|
|
|
|
{% for secret_name in secrets_definitions.keys() %} |
|
|
|
|
|
{% set secrets_definition = secrets_definitions[secret_name] %} |
|
|
|
|
|
{% if secrets_definition.reset | default(false) %} |
|
|
|
|
|
{{secret_name|to_json}}: {{ secrets_set[secret_name] | to_json }}, |
|
|
|
|
|
{% endif %} |
|
|
|
|
|
{% endfor %} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
secrets_set_by_store: |- |
|
|
|
|
|
{ |
|
|
|
|
|
{% for store_name in secrets_stores %} |
|
|
|
|
|
{{store_name|to_json}}: { |
|
|
|
|
|
{% for secret_name in secrets_set.keys() %} |
|
|
|
|
|
{% set secrets_definition = secrets_definitions[secret_name] %} |
|
|
|
|
|
{% if store_name == secrets_definition.store | default(secrets_default_store) %} |
|
|
|
|
|
{{secret_name|to_json}}: {{ secrets_set[secret_name] | to_json }}, |
|
|
|
|
|
{% endif %} |
|
|
|
|
|
{% endfor %} |
|
|
|
|
|
}, |
|
|
|
|
|
{% endfor %} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
secrets_reset_by_store: |- |
|
|
|
|
|
{ |
|
|
|
|
|
{% for store_name in secrets_stores %} |
|
|
|
|
|
{{store_name|to_json}}: { |
|
|
|
|
|
{% for secret_name in secrets_reset.keys() %} |
|
|
|
|
|
{% set secrets_definition = secrets_definitions[secret_name] %} |
|
|
|
|
|
{% if store_name == secrets_definition.store | default(secrets_default_store) %} |
|
|
|
|
|
{{secret_name|to_json}}: {{ secrets_reset[secret_name] | to_json }}, |
|
|
|
|
|
{% endif %} |
|
|
|
|
|
{% endfor %} |
|
|
|
|
|
}, |
|
|
|
|
|
{% endfor %} |
|
|
|
|
|
} |