---
secrets_generators:
  - password
  #- xkcd

secrets_stores:
  - facts
  - local_facts

secrets_set: |-
  {
    {% for secret_name in secrets_definitions.keys() %}
      {% set secrets_definition = secrets_definitions[secret_name] %}
      {% set password_length = secrets_definition.password_length | default(secrets_default_password_length) | string %}
      {% set password_chars = secrets_definition.password_chars|default(secrets_default_password_chars) %}
      {{secret_name|to_json}}:
        {{ lookup('password', '/dev/null length='+password_length+' chars='+password_chars ) | to_json }}
      ,
    {% endfor %}
  }

secrets_reset: |-
  {
    {% for secret_name in secrets_definitions.keys() %}
      {% set secrets_definition = secrets_definitions[secret_name] %}
      {% if secrets_definition.reset | default(false) %}
        {{secret_name|to_json}}: {{ secrets_set[secret_name] | to_json }},
      {% endif %}
    {% endfor %}
  }

secrets_set_by_store: |-
  {
    {% for store_name in secrets_stores %}
      {{store_name|to_json}}: {
        {% for secret_name in secrets_set.keys() %}
          {% set secrets_definition = secrets_definitions[secret_name] %}
          {% if store_name == secrets_definition.store | default(secrets_default_store) %}
            {{secret_name|to_json}}: {{ secrets_set[secret_name] | to_json }},
          {% endif %}
        {% endfor %}
      },
    {% endfor %}
  }

secrets_reset_by_store: |-
  {
    {% for store_name in secrets_stores %}
      {{store_name|to_json}}: {
        {% for secret_name in secrets_reset.keys() %}
          {% set secrets_definition = secrets_definitions[secret_name] %}
          {% if store_name == secrets_definition.store | default(secrets_default_store) %}
            {{secret_name|to_json}}: {{ secrets_reset[secret_name] | to_json }},
          {% endif %}
        {% endfor %}
      },
    {% endfor %}
  }