---
# Onboarding playbook: bootstrap Ansible Vault infrastructure for secrets management
#
# Concept: This is the entry point for beginners to safely set up vault on the control node.
# It runs on localhost (control node) and prepares directories, validates prerequisites,
# and provides guidance for encrypting the first secret. The actual work is done by the
# secrets_onboarding role (not shown in this file); this play only wires up the paths.
#
# Usage:
#   First run (setup only):
#     ansible-playbook playbooks/onboarding/setup_ansible_secrets.yml --tags bootstrap
#
#   Validation (check infrastructure health):
#     ansible-playbook playbooks/onboarding/setup_ansible_secrets.yml --tags validate
#
#   With vault password prompts (instead of password file):
#     ansible-playbook playbooks/onboarding/setup_ansible_secrets.yml --ask-vault-pass
#
#   Example creation (for self-learning):
#     ansible-playbook playbooks/onboarding/setup_ansible_secrets.yml --tags example --extra-vars create_example_vault=true
#
# NOTE(review): the play below carries `tags: [always]`. Play-level tags are inherited by every
# task the play runs, including role tasks, so the `--tags bootstrap` / `--tags validate` /
# `--tags example` invocations above will not by themselves limit which tasks run — unless the
# secrets_onboarding role gates its own tasks (e.g. on ansible_run_tags). The role is not visible
# here; confirm before relying on the tag filtering described above.

- name: Bootstrap Ansible Vault for secrets management
  # Control node only; this play never connects to a remote host.
  hosts: localhost
  # Fact gathering is skipped: nothing in this play's vars references gathered facts
  # (only an env lookup and the playbook_dir magic variable are used).
  gather_facts: false
  vars:
    # Override these to customize vault paths or behavior
    # Example: ansible-playbook ... --extra-vars vault_base_dir=/etc/ansible/vault
    vault_base_dir: "{{ lookup('env', 'HOME') }}/.ansible/vault"
    # Location of the plain-text vault password: under the invoking user's HOME, outside the
    # repository. Whatever creates this file should make it owner-readable only (mode "0600"),
    # and it must never be committed or copied into the playbook tree. The --ask-vault-pass
    # invocation in the header is the prompt-based alternative that does not use this file.
    vault_password_file: "{{ vault_base_dir }}/password"
    # Resolved relative to this playbook's directory. With the playbook at
    # playbooks/onboarding/ (as the usage examples assume) this is playbooks/group_vars/vault,
    # not a repository-level group_vars/ — confirm that is the intended location.
    vault_vars_dir: "{{ playbook_dir }}/../group_vars/vault"
  roles:
    - secrets_onboarding
  # `always` makes every task in this play run on each invocation regardless of --tags
  # (it can only be suppressed with --skip-tags always); see the NOTE(review) in the header.
  tags:
    - always