move secrets from sops lookup plugin to sops vars plugin
Some checks failed
/ Ansible Lint (push) Failing after 1m54s
Some checks failed
/ Ansible Lint (push) Failing after 1m54s
This makes secret configuration and usage a good bit cleaner.
This commit is contained in:
parent
66e2e354b1
commit
7f1afef50d
SSH key fingerprint:
SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
42 changed files with 2449 additions and 2446 deletions
|
|
@ -32,11 +32,11 @@ services:
|
|||
- keycloak
|
||||
environment:
|
||||
KEYCLOAK_ADMIN: admin
|
||||
KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['KEYCLOAK_ADMIN_PASSWORD']") }}
|
||||
KEYCLOAK_ADMIN_PASSWORD: {{ secret__keycloak_admin_password }}
|
||||
KC_DB: postgres
|
||||
KC_DB_URL_HOST: db
|
||||
KC_DB_USERNAME: keycloak
|
||||
KC_DB_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['KC_DB_PASSWORD']") }}
|
||||
KC_DB_PASSWORD: {{ secret__keycloak_db_password }}
|
||||
KC_HOSTNAME: https://id.hamburg.ccc.de
|
||||
KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
|
||||
KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
|
||||
|
|
@ -54,7 +54,7 @@ services:
|
|||
- "./database:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: keycloak
|
||||
POSTGRES_PASSWORD: {{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['POSTGRES_PASSWORD']") }}
|
||||
POSTGRES_PASSWORD: {{ secret__keycloak_db_password }}
|
||||
POSTGRES_DB: keycloak
|
||||
|
||||
id-invite-web:
|
||||
|
|
@ -76,10 +76,10 @@ services:
|
|||
- "IDINVITE_URL=https://invite.hamburg.ccc.de"
|
||||
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
|
||||
- "IDINVITE_VALID_HOURS=50"
|
||||
- "IDINVITE_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_TOKEN_SECRET']") }}"
|
||||
- "IDINVITE_SECRET={{ secret__idinvite_token_secret }}"
|
||||
- "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
|
||||
- "IDINVITE_CLIENT_ID=id-invite"
|
||||
- "IDINVITE_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_CLIENT_SECRET']") }}"
|
||||
- "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
|
||||
- "MAIL_FROM=no-reply@hamburg.ccc.de"
|
||||
- "BOTTLE_HOST=0.0.0.0"
|
||||
|
||||
|
|
@ -96,7 +96,7 @@ services:
|
|||
- "MAIL_FROM=no-reply@id.hamburg.ccc.de"
|
||||
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
|
||||
- "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
|
||||
- "SMTP_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['NO_REPLY_SMTP']") }}"
|
||||
- "SMTP_PASSWORD={{ secret__id_no_reply_smtp }}"
|
||||
|
||||
id-invite-keycloak:
|
||||
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
|
||||
|
|
@ -107,10 +107,10 @@ services:
|
|||
environment:
|
||||
- "BOTTLE_HOST=0.0.0.0"
|
||||
- "IDINVITE_CLIENT_ID=id-invite"
|
||||
- "IDINVITE_CLIENT_SECRET={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_CLIENT_SECRET']") }}"
|
||||
- "IDINVITE_CLIENT_SECRET={{ secret__idinvite_client_secret }}"
|
||||
- "KEYCLOAK_API_URL=http://keycloak:8080"
|
||||
- "KEYCLOAK_API_USERNAME=id-invite"
|
||||
- "KEYCLOAK_API_PASSWORD={{ lookup("community.sops.sops", "resources/chaosknoten/keycloak/secrets.yaml", extract="['IDINVITE_ADMIN_PASSWORD']") }}"
|
||||
- "KEYCLOAK_API_PASSWORD={{ secret__idinvite_admin_password }}"
|
||||
- "KEYCLOAK_API_REALM=ccchh"
|
||||
- 'KEYCLOAK_GROUPS=["user"]'
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue