Add support for ansible-vault for secret generation Sem-Ver: feature Change-Id: I4e56ea595618c2646158a29395856958fa567b59

commit: 498593aa86872c8fdfaa9dfcf07b0c71261b7db5 [log] [tgz]
author: Mohammed Naser <mnaser@vexxhost.com> Thu Mar 17 21:13:14 2022 -0400
committer: Mohammed Naser <mnaser@vexxhost.com> Thu Mar 17 23:28:57 2022 -0400
tree: dbad1b723c13ad69a446b7756f7c63e489f00114
parent: 97967b16c47e59f9e542907d8610d1c85193337c [diff]
diff --git a/playbooks/generate_secrets.yml b/playbooks/generate_secrets.yml
index 88dbf23..6ed535c 100644
--- a/playbooks/generate_secrets.yml
+++ b/playbooks/generate_secrets.yml

@@ -30,3 +30,9 @@
       ansible.builtin.copy:
         content: "{{ secrets | to_nice_yaml }}"
         dest: "{{ secrets_path }}"
+
+    - name: Encrypt secrets file with Vault password
+      ansible.builtin.shell:
+        ansible-vault encrypt --vault-password-file {{ secrets_vault_password_file }} {{ secrets_path }}
+      when:
+        - secrets_vault_password_file is defined
\ No newline at end of file

diff --git a/releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml b/releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml
new file mode 100644
index 0000000..446b3c4
--- /dev/null
+++ b/releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - The ``generate_secrets`` playbook can now be used to generate secrets that
+    are encrypted using ``ansible-vault``.
commit	498593aa86872c8fdfaa9dfcf07b0c71261b7db5	[log] [tgz]
author	Mohammed Naser <mnaser@vexxhost.com>	Thu Mar 17 21:13:14 2022 -0400
committer	Mohammed Naser <mnaser@vexxhost.com>	Thu Mar 17 23:28:57 2022 -0400
tree	dbad1b723c13ad69a446b7756f7c63e489f00114
parent	97967b16c47e59f9e542907d8610d1c85193337c [diff]