av/pet-project-server
1
0
Fork 0
Code Pull Requests Activity

Secrets: add role for secret deploy

Browse Source
This commit is contained in:
Anton Vakhrushev
2025-08-04 08:06:58 +03:00
parent af39ca9de8
commit 21b52a1887
4 changed files with 132 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
roles/secrets/tasks/main.yml Normal file
View File

@@ -0,0 +1,46 @@
---
# tasks file for secrets role
- name: "Validate secrets_dest parameter"
ansible.builtin.fail:
msg: "secrets_dest is required but not defined"
when: secrets_dest is not defined or secrets_dest == ""
- name: "Validate secrets_user parameter"
ansible.builtin.fail:
msg: "secrets_user is required but not defined"
when: secrets_user is not defined or secrets_user == ""
- name: "Validate secrets_group parameter"
ansible.builtin.fail:
msg: "secrets_group is required but not defined"
when: secrets_group is not defined or secrets_group == ""
- name: "Create secrets destination directory"
ansible.builtin.file:
path: "{{ secrets_dest }}"
state: directory
owner: "{{ secrets_user }}"
group: "{{ secrets_group }}"
mode: "{{ secrets_dir_mode }}"
- name: "Save variables as secret files"
ansible.builtin.copy:
content: "{{ lookup('vars', item) }}"
dest: "{{ secrets_dest }}/{{ item }}"
owner: "{{ secrets_user }}"
group: "{{ secrets_group }}"
mode: "{{ secrets_file_mode }}"
loop: "{{ secrets_vars }}"
when: secrets_vars | length > 0
no_log: true
- name: "Copy secret files"
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ secrets_dest }}/{{ item | basename }}"
owner: "{{ secrets_user }}"
group: "{{ secrets_group }}"
mode: "{{ secrets_file_mode }}"
loop: "{{ secrets_files }}"
when: secrets_files | length > 0