---
# Prerequisite probe: record whether a `sops` binary can be resolved on PATH.
# `command -v` is a shell builtin, hence the shell module rather than command.
# The registered result's rc is read by the following task.
- name: Check sops installation (Prerequisite)
  ansible.builtin.shell:
    cmd: command -v sops
  register: is_sops_installed
  # A lookup never modifies the host.
  changed_when: false
  # A missing binary must not fail here; the explicit fail task reports it.
  # failed_when already suppresses the non-zero rc, ignore_errors is kept as
  # in the original.
  failed_when: false
  ignore_errors: true
# Stop the play with an actionable message when the sops probe returned a
# non-zero exit code, before any decryption is attempted.
- name: Failure when sops is missing
  when: is_sops_installed.rc != 0
  ansible.builtin.fail:
    msg: "sops is not installed. Please install sops manually as described in README.md before running this playbook"
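# Decrypt the sops-encrypted secrets file and capture the plaintext YAML in
# `decrypted_secrets.stdout`.
- name: Decrypt secret values in console
  ansible.builtin.command:
    # argv hands the templated path to sops as one argument, so a config_path
    # containing whitespace is not split into several arguments.
    argv:
      - sops
      - "-d"
      - "--output-type"
      - yaml
      - "{{ hostvars['console']['node']['config_path'] }}/secrets/secrets.yaml"
  environment:
    # The age private key reaches sops through the process environment, not
    # through the command line.
    SOPS_AGE_KEY: "{{ hostvars['console']['age_key'] }}"
  register: decrypted_secrets
  # Decryption to stdout changes nothing on the host.
  changed_when: false
  # Runs once per batch; the registered result is shared with every host in
  # that batch.
  run_once: true
  # Keeps the age key and the decrypted output out of task output and logs.
  # no_log does not cover Ansible's debug output (ANSIBLE_DEBUG), so do not
  # debug this play against real secrets.
  no_log: true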
# Turn every top-level key of the decrypted secrets document into a host fact
# of the same name.
# NOTE(review): fact names come straight from secrets.yaml, and set_fact
# outranks most other variable sources, so a key that collides with an
# existing variable silently overrides it. Consider a common prefix or a
# single dictionary fact; confirm against how the roles consume these values.
- name: Load decrypted secret vaules in console
  # Every loop item carries a secret value, so per-item output is suppressed.
  no_log: true
  loop: "{{ decrypted_secrets.stdout | from_yaml | dict2items }}"
  ansible.builtin.set_fact:
    "{{ item.key }}": "{{ item.value }}"