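---
# Decrypts the sops-encrypted secrets file for the console node and exposes
# each top-level key of the decrypted document as an Ansible fact.

# `command -v` is a shell builtin, so the shell module is needed for this probe.
# The task never reports "changed" or "failed"; only its return code is
# recorded for the check that follows.
- name: Check sops installation (Prerequisite)
  ansible.builtin.shell: |
    command -v sops
  changed_when: false
  failed_when: false
  register: "is_sops_installed"
  ignore_errors: true

# Stop early with an actionable message instead of failing later in the
# decrypt step.
- name: Failure when sops is missing
  ansible.builtin.fail:
    msg: "sops is not installed. Please install sops manually as described in README.md before running this playbook"
  when: is_sops_installed.rc != 0

# The age private key is handed to sops through the task environment, not on
# the command line. `no_log` keeps the decrypted stdout out of Ansible's
# output and logs; as a side effect, a decryption failure is reported without
# sops's own error text.
# `argv` passes the templated path as one argument, so a config_path that
# contains whitespace is not split into several arguments.
# `run_once` decrypts a single time; the registered result is shared with the
# other hosts in the play.
- name: Decrypt secret values in console
  environment:
    SOPS_AGE_KEY: "{{ hostvars['console']['age_key'] }}"
  ansible.builtin.command:
    argv:
      - sops
      - "-d"
      - "--output-type"
      - yaml
      - "{{ hostvars['console']['node']['config_path'] }}/secrets/secrets.yaml"
  changed_when: false
  register: "decrypted_secrets"
  run_once: true
  no_log: true

# Each top-level key of the decrypted document becomes a fact of the same name.
# `no_log` is required here as well: the loop would otherwise print every
# key/value pair.
# NOTE(review): fact names come straight from the secrets file, and set_fact
# takes precedence over most other variable sources. A key that matches an
# existing variable (connection or become settings, for example) would
# silently override it. Consider loading the document under one namespaced
# fact, or checking the keys against an expected list.
# NOTE(review): the facts hold plaintext secrets for the rest of the play, so
# later tasks that reference them need their own `no_log: true`.
- name: Load decrypted secret vaules in console
  ansible.builtin.set_fact:
    "{{ item.key }}": "{{ item.value }}"
  loop: "{{ decrypted_secrets.stdout | from_yaml | dict2items }}"
  no_log: true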