Move secrets into .env into ansible-vault

2024-10-27 16:51:01 +01:00 · 2024-10-27 16:51:01 +01:00 · 0bbfe1acec
commit 0bbfe1acec
parent 67222f6415
6 changed files with 53 additions and 51 deletions
--- a/.env.example
+++ b/.env.example
@ -1,3 +1,47 @@
-OVH_APP_KEY=
-OVH_APP_SECRET_KEY=
-OVH_CONSUMER_KEY=
+DNSCONTROL_ovh_app_key=
+DNSCONTROL_ovh_app_secret_key=
+DNSCONTROL_ovh_consumer_key=
+
+
+
+TF_VAR_passphrase=
+
+TF_VAR_backend_access_key=
+TF_VAR_backend_secret_key=
+TF_VAR_backend_endpoint=
+TF_VAR_backend_region=
+TF_VAR_backend_bucket=
+
+
+TF_VAR_authentik_token=
+
+TF_VAR_aws_region=
+TF_VAR_aws_access_key=
+TF_VAR_aws_secret_key=
+
+TF_VAR_contabo_client_id=
+TF_VAR_contabo_client_secret=
+TF_VAR_contabo_user=
+TF_VAR_contabo_pass=
+
+TF_VAR_hcloud_token=
+
+TF_VAR_healthchecksio_api_key=
+
+TF_VAR_ovh_application_key=
+TF_VAR_ovh_application_secret=
+TF_VAR_ovh_consumer_key=
+
+TF_VAR_postgresql_username=
+TF_VAR_postgresql_password=
+
+TF_VAR_scaleway_organization_id=
+TF_VAR_scaleway_project_id=
+TF_VAR_scaleway_access_key=
+TF_VAR_scaleway_secret_key=
+
+TF_VAR_tailscale_api_key=
+TF_VAR_tailscale_tailnet=
+
+
+TF_VAR_email_domains='["example.com"]'
--- a/.envrc
+++ b/.envrc
@ -1 +1,4 @@
 use nix
+
+eval "$(ansible-vault view .env | direnv dotenv bash /dev/stdin)"
+watch_file ".env"
--- a/.gitignore
+++ b/.gitignore
@ -5,7 +5,6 @@ dns/hosts.json
 dns/services.json
 dns/dkim-ses.json

-secrets.auto.tfvars
 .terraform

 inventory/group_vars/all/serguzim.net.yml
--- a/3
+++ b/3
@ -2,9 +2,6 @@ SHELL := /bin/bash

 TAGS ?= all

-include .env
-export
-
 PWD := $(shell pwd)

 .FORCE:
--- a/creds.json
+++ b/creds.json
@ -4,9 +4,9 @@
 	},
 	"ovh": {
 		"TYPE": "OVH",
-		"app-key": "$OVH_APP_KEY",
-		"app-secret-key": "$OVH_APP_SECRET_KEY",
-		"consumer-key": "$OVH_CONSUMER_KEY",
+		"app-key": "$DNSCONTROL_ovh_app_key",
+		"app-secret-key": "$DNSCONTROL_ovh_app_secret_key",
+		"consumer-key": "$DNSCONTROL_ovh_consumer_key",
 		"endpoint": "eu"
 	}
 }
--- a/secrets.auto.tfvars.example
+++ b/secrets.auto.tfvars.example
@ -1,41 +0,0 @@
-backend_access_key = ""
-backend_secret_key = ""
-backend_endpoint = ""
-backend_region = ""
-backend_bucket = ""
-
-
-authentik_token = ""
-
-aws_region = ""
-aws_access_key = ""
-aws_secret_key = ""
-
-contabo_client_id = ""
-contabo_client_secret = ""
-contabo_user = ""
-contabo_pass = ""
-
-hcloud_token = ""
-
-healthchecksio_api_key = ""
-
-ovh_application_key = ""
-ovh_application_secret = ""
-ovh_consumer_key = ""
-
-postgresql_username = ""
-postgresql_password = ""
-
-scaleway_organization_id = ""
-scaleway_project_id = ""
-scaleway_access_key = ""
-scaleway_secret_key = ""
-
-tailscale_api_key = ""
-tailscale_tailnet = ""
-
-
-email_domains = [
-  "example.com",
-]