Use Ansible Vaults to contain secret files/variables

Having them in files lying around in a local repository is dangerous, they could be commited and pushed by accident. Also, having these files in a mail is not good either, and makes this repository complicated to use for us. Change-Id: I644e1fb8228e3cb081a004547abaf654e9c449b7
author: Pedro Alvarez <pedro.alvarez@codethink.co.uk> 2016-08-15 11:22:40 +0100
committer: Pedro Alvarez <pedro.alvarez@codethink.co.uk> 2016-08-15 14:42:22 +0100
commit: afacdf1e7cf93722a531079217b73975eb625f3e (patch)
tree: 87f2a15bb1ec3b29f79f9aea83ff544a5ba91e03 /baserock_trove
parent: 4ecfb404b2d53425c3a3a07e251c100d6c3a89c0 (diff)
download: infrastructure-afacdf1e7cf93722a531079217b73975eb625f3e.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/baserock_trove/configure-trove.yml b/baserock_trove/configure-trove.yml
index f832e810..2f3434cd 100644
--- a/baserock_trove/configure-trove.yml
+++ b/baserock_trove/configure-trove.yml
@@ -21,7 +21,7 @@
   # course).
     - name: Install SSL certificate
       copy:
-        src: ../private/baserock.org-ssl-certificate-temporary-dsilverstone.pem
+        content: "{{ lookup('file', '../private/baserock.org-ssl-certificate-temporary-dsilverstone.pem') }}"
         dest: /etc/trove/baserock.pem
         mode: 400
 
@@ -37,7 +37,7 @@
 
     - name: Copy ssh keys
       copy:
-        src: ../private/{{ item }}
+        content: "{{ lookup('file', '../private/{{ item }}') }}"
         dest: /etc/trove/{{ item }}
       with_items:
         - admin.key.pub
author	Pedro Alvarez <pedro.alvarez@codethink.co.uk>	2016-08-15 11:22:40 +0100
committer	Pedro Alvarez <pedro.alvarez@codethink.co.uk>	2016-08-15 14:42:22 +0100
commit	afacdf1e7cf93722a531079217b73975eb625f3e (patch)
tree	87f2a15bb1ec3b29f79f9aea83ff544a5ba91e03 /baserock_trove
parent	4ecfb404b2d53425c3a3a07e251c100d6c3a89c0 (diff)
download	infrastructure-afacdf1e7cf93722a531079217b73975eb625f3e.tar.gz