ansible-infra/docs/guides/sops-storing-secrets.md
June 411200884b
docs: overhaul SOPS documentation for better structure and readability
2026-05-20 18:57:21 +02:00


---
title: "SOPS: Storing Secrets"
summary: How to Store Secrets Using SOPS
---

# SOPS: Storing Secrets

Some guidance on how to store secrets using SOPS. For a guide on how to set up SOPS for a new host, see SOPS: New Host.

1. For storing host-specific secrets, open the host-specific SOPS file:

   ```sh
   sops inventories/<chaosknoten/z9/...>/host_vars/<hostname>.sops.yaml
   ```

   For inventory-wide secrets, open the inventory's `all` group SOPS file:

   ```sh
   sops inventories/<chaosknoten/z9/...>/group_vars/all.sops.yaml
   ```

2. Now the secrets can be added to the opened file. Because we're using the `community.sops.sops` vars plugin, the stored secrets will then be exposed as Ansible variables.
   Note that SOPS only encrypts the values, not the keys.
   When creating entries, try to adhere to the following variable naming conventions:
   - Prefix variable names with `secret__` if they are intended to be used in a template file or similar, e.g.:

     ```yaml
     secret__netbox_secret_key: secret_value
     ```

   - Otherwise, if the variable is directly consumed by a role or similar, set that variable directly, e.g.:

     ```yaml
     netbox__db_password: secret_value
     ```

3. After closing the editor, the secrets are stored. In Ansible they are exposed as variables and can simply be used like any other variable.
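Because SOPS leaves the keys in plaintext and only the values are encrypted, a file in which a value was pasted without going through `sops` looks almost identical to a correct one. The following script is an added example, not part of the ansible-infra repository or of SOPS itself: it reads a flat `key: value` SOPS file such as the host_vars and group_vars files above and reports any top-level value that is not an `ENC[...]` ciphertext, a missing `sops:` metadata block, and keys that follow neither the `secret__` nor the `<role>__` naming pattern. The flat-file assumption, the naming check and the sample file contents (with placeholder ciphertext fields) are the example's own.

```python
"""Check that a SOPS YAML file contains only encrypted values.

Added example for the SOPS guide; not part of the repository's tooling.
Assumes flat `key: value` files (nested mappings are skipped, not inspected).
"""
import re
import sys
from typing import List, Tuple

# A top-level "key: value" line of a flat YAML document (no indentation).
KEY_VALUE_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):\s*(.*?)\s*$")

# The shape of a SOPS-encrypted scalar:
# ENC[AES256_GCM,data:...,iv:...,tag:...,type:str]
ENC_RE = re.compile(
    r"^ENC\[AES256_GCM,data:[^,\]]*,iv:[^,\]]*,tag:[^,\]]*,type:[a-z]+\]$"
)


def check_sops_document(text: str) -> Tuple[List[str], List[str]]:
    """Return (errors, notes) for the YAML text of a SOPS file.

    `errors` should block a commit (plaintext value, no SOPS metadata);
    `notes` are naming hints against the guide's conventions.
    """
    errors: List[str] = []
    notes: List[str] = []
    saw_sops_metadata = False

    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0] in " \t-":
            continue  # nested content (e.g. inside the `sops:` block) or `---`
        match = KEY_VALUE_RE.match(raw)
        if match is None:
            errors.append(f"line {lineno}: unexpected top-level line {raw!r}")
            continue
        key, value = match.groups()
        if key == "sops":
            saw_sops_metadata = True  # metadata block written by sops itself
            continue
        if value == "":
            continue  # start of a nested mapping; its leaves are not inspected
        value = value.strip("'\"")  # sops writes ENC[...] unquoted; tolerate quotes
        if not ENC_RE.match(value):
            errors.append(f"line {lineno}: value of {key!r} is not SOPS-encrypted")
        if "__" not in key:
            notes.append(
                f"line {lineno}: key {key!r} has neither a `secret__` nor a "
                "`<role>__` prefix; check the naming conventions"
            )

    if not saw_sops_metadata:
        errors.append("no top-level `sops:` metadata block; was the file encrypted?")
    return errors, notes


# Constructed sample of an encrypted host_vars file; the base64 fields are
# placeholders, not real SOPS output.
SAMPLE_ENCRYPTED = """\
secret__netbox_secret_key: ENC[AES256_GCM,data:Zm9vYmFy,iv:aXZpdg==,tag:dGFndGFn,type:str]
netbox__db_password: ENC[AES256_GCM,data:cXV4,iv:Y29yY29y,tag:Z2VnZQ==,type:str]
sops:
    lastmodified: "2026-01-01T00:00:00Z"
    version: "placeholder"
"""

# Constructed sample of the mistake the check catches: the second value was
# pasted in plaintext and the file never went through `sops`.
SAMPLE_LEAK = """\
secret__netbox_secret_key: ENC[AES256_GCM,data:Zm9vYmFy,iv:aXZpdg==,tag:dGFndGFn,type:str]
netbox__db_password: hunter2
"""


def main(argv: List[str]) -> int:
    """Check each file given on the command line; exit non-zero on any error."""
    rc = 0
    for path in argv:
        with open(path, encoding="utf-8") as fh:
            errors, notes = check_sops_document(fh.read())
        for msg in notes:
            print(f"{path}: note: {msg}")
        for msg in errors:
            print(f"{path}: error: {msg}")
            rc = 1
    return rc


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as `python check_sops.py inventories/<inventory>/host_vars/*.sops.yaml` (the file name is the example's own) before committing, or wire it into a pre-commit hook; an exit status of 1 means a top-level value would be committed in plaintext.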