44 lines
1.1 KiB
Markdown
# Vault Configuration Guide

## Overview

The current portfolio demo does not require Ansible Vault for `make test` or `make demo`. Secrets are intentionally kept out of the main validation path so reviewers can run the project offline.

Use Vault only when extending the simulator to manage real hosts or credentials.

## Recommended Pattern

1. Start from the example file:

```bash
cp group_vars/vault.example.yml group_vars/vault.yml
```

2. Replace placeholder values locally.

3. Encrypt the file before using it with real systems:

```bash
ansible-vault encrypt group_vars/vault.yml
```

4. Do not commit real secret values. Keep `group_vars/vault.example.yml` as the committed reference.
## Running With Vault

```bash
ansible-playbook -i inventory/hosts.ini playbooks/provision.yml --ask-vault-pass
```

or:

```bash
ansible-playbook -i inventory/hosts.ini playbooks/provision.yml --vault-password-file ~/.vault_pass.txt
```

## Notes

- The delivered playbooks do not import a vault file by default.
- Add `vars_files` only in an environment-specific branch or private overlay.
- Prefer a secret manager or automation controller for production use.
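
The checks below are an added example, not part of the project: before a commit or a playbook run, they verify that `group_vars/vault.yml` from the Recommended Pattern is actually encrypted and that the file passed to `--vault-password-file` grants nothing to group or others. The function names and the `vault*.yml` glob are assumptions; the header test relies on Ansible Vault files starting with a `$ANSIBLE_VAULT;` line.

```bash
# Added example (not the project's code): pre-flight checks for Vault usage.
# POSIX sh compatible. Function names and the vault*.yml glob are assumptions.

# Succeeds if the file's first line is an Ansible Vault header,
# for example "$ANSIBLE_VAULT;1.1;AES256".
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    case "$(head -n 1 < "$1")" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reports every vault*.yml in directory $1 that is still plaintext.
# vault.example.yml holds only placeholders and is skipped.
# Returns 1 if any plaintext vault file was found, 0 otherwise.
check_vault_dir() {
    _cvd_status=0
    for _cvd_file in "$1"/vault*.yml; do
        [ -f "$_cvd_file" ] || continue
        case "$_cvd_file" in */vault.example.yml) continue ;; esac
        if ! is_vault_encrypted "$_cvd_file"; then
            echo "plaintext vault file: $_cvd_file" >&2
            _cvd_status=1
        fi
    done
    return "$_cvd_status"
}

# Succeeds only if the vault password file exists and its mode grants
# no permissions to group or others (0600 or stricter).
password_file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Usage in a pre-commit hook or CI step (paths as used in this guide):
#   check_vault_dir group_vars || exit 1
#   password_file_is_private "$HOME/.vault_pass.txt" || exit 1
```

A failed `check_vault_dir` means step 3 was skipped for at least one file; a failed `password_file_is_private` is fixed with `chmod 600` on the password file.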