---

# TODO remove secrets that are defined for other stores

- name: ansible local facts directory
  file:
    path: /etc/ansible/facts.d
    state: directory

- name: save secrets in ansible local secrets fact
  copy:
    content: "{{ secrets_set_by_store.local_facts | combine(ansible_local.secrets | default({})) | combine(secrets_reset_by_store.local_facts) | to_json }}"
    dest: /etc/ansible/facts.d/secrets.fact
    mode: 0600
  register: _local_facts_set

- name: gathering ansible local facts
  setup:
    gather_subset: min
    filter: ansible_local
  when: _local_facts_set.changed

- name: set secrets gathered from ansible local secrets fact
  set_fact:
    secrets: "{{ secrets | combine(ansible_local.secrets) }}"