Add support for ansible-vault for secret generation

Sem-Ver: feature Change-Id: I4e56ea595618c2646158a29395856958fa567b59
2022-03-17 21:13:14 -04:00 · 2022-03-17 21:13:14 -04:00 · 498593aa86
parent 97967b16c4
commit 498593aa86
2 changed files with 10 additions and 0 deletions
--- a/playbooks/generate_secrets.yml
+++ b/playbooks/generate_secrets.yml
@ -30,3 +30,9 @@
      ansible.builtin.copy:
        content: "{{ secrets | to_nice_yaml }}"
        dest: "{{ secrets_path }}"
+
+    - name: Encrypt secrets file with Vault password
+      ansible.builtin.shell:
+        ansible-vault encrypt --vault-password-file {{ secrets_vault_password_file }} {{ secrets_path }}
+      when:
+        - secrets_vault_password_file is defined
--- a/releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml
+++ b/releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - The ``generate_secrets`` playbook can now be used to generate secrets that
+    are encrypted using ``ansible-vault``.