Gossip encrypt secret for Consul make ansible deployments annoying #18
Labels
No Label
bug
deployment
design
feature
maintenance
observability
review
No Milestone
No project
No Assignees
2 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Deuxfleurs/infrastructure#18
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
roles/consul/vars/main.yml.sample
must be copied toroles/consul/vars/main.yml
We should find a better alternative or at least document it...
I use
ansible-vault
to encrypt a file ingroup_vars/all
in my repo, it's a fine solution.It's a YAML vars file you would fill like any other:
To encrypt it (ensure you do it before any commit):
When calling
ansible-playbook
, you need to add the--ask-vault-pass
parameter. I admit that having to enter the vault password at each run is a pain in the ass, but it's safe and you can commit the secrets file.