Move secrets into .env into ansible-vault

2024-10-27 16:51:01 +01:00 · 2024-10-27 16:51:01 +01:00 · 0bbfe1acec
commit 0bbfe1acec
parent 67222f6415
6 changed files with 53 additions and 51 deletions
--- a/.env.example
+++ b/.env.example
@ -1,3 +1,47 @@
-OVH_APP_KEY=
+DNSCONTROL_ovh_app_key=
-OVH_APP_SECRET_KEY=
+DNSCONTROL_ovh_app_secret_key=
-OVH_CONSUMER_KEY=
+DNSCONTROL_ovh_consumer_key=
 TF_VAR_passphrase=
 TF_VAR_backend_access_key=
 TF_VAR_backend_secret_key=
 TF_VAR_backend_endpoint=
 TF_VAR_backend_region=
 TF_VAR_backend_bucket=
 TF_VAR_authentik_token=
 TF_VAR_aws_region=
 TF_VAR_aws_access_key=
 TF_VAR_aws_secret_key=
 TF_VAR_contabo_client_id=
 TF_VAR_contabo_client_secret=
 TF_VAR_contabo_user=
 TF_VAR_contabo_pass=
 TF_VAR_hcloud_token=
 TF_VAR_healthchecksio_api_key=
 TF_VAR_ovh_application_key=
 TF_VAR_ovh_application_secret=
 TF_VAR_ovh_consumer_key=
 TF_VAR_postgresql_username=
 TF_VAR_postgresql_password=
 TF_VAR_scaleway_organization_id=
 TF_VAR_scaleway_project_id=
 TF_VAR_scaleway_access_key=
 TF_VAR_scaleway_secret_key=
 TF_VAR_tailscale_api_key=
 TF_VAR_tailscale_tailnet=
 TF_VAR_email_domains='["example.com"]'
--- a/.envrc
+++ b/.envrc
@ -1 +1,4 @@
 use nix
 eval "$(ansible-vault view .env | direnv dotenv bash /dev/stdin)"
 watch_file ".env"
--- a/.gitignore
+++ b/.gitignore
@ -5,7 +5,6 @@ dns/hosts.json
 dns/services.json
 dns/dkim-ses.json
 secrets.auto.tfvars
 .terraform
 inventory/group_vars/all/serguzim.net.yml
--- a/3
+++ b/3
@ -2,9 +2,6 @@ SHELL := /bin/bash
 TAGS ?= all
 include .env
 export
 PWD := $(shell pwd)
 .FORCE:
--- a/creds.json
+++ b/creds.json
@ -4,9 +4,9 @@
 	},
 	"ovh": {
 		"TYPE": "OVH",
-		"app-key": "$OVH_APP_KEY",
+		"app-key": "$DNSCONTROL_ovh_app_key",
-		"app-secret-key": "$OVH_APP_SECRET_KEY",
+		"app-secret-key": "$DNSCONTROL_ovh_app_secret_key",
-		"consumer-key": "$OVH_CONSUMER_KEY",
+		"consumer-key": "$DNSCONTROL_ovh_consumer_key",
 		"endpoint": "eu"
 	}
 }
--- a/secrets.auto.tfvars.example
+++ b/secrets.auto.tfvars.example
@ -1,41 +0,0 @@
 backend_access_key = ""
 backend_secret_key = ""
 backend_endpoint = ""
 backend_region = ""
 backend_bucket = ""
 authentik_token = ""
 aws_region = ""
 aws_access_key = ""
 aws_secret_key = ""
 contabo_client_id = ""
 contabo_client_secret = ""
 contabo_user = ""
 contabo_pass = ""
 hcloud_token = ""
 healthchecksio_api_key = ""
 ovh_application_key = ""
 ovh_application_secret = ""
 ovh_consumer_key = ""
 postgresql_username = ""
 postgresql_password = ""
 scaleway_organization_id = ""
 scaleway_project_id = ""
 scaleway_access_key = ""
 scaleway_secret_key = ""
 tailscale_api_key = ""
 tailscale_tailnet = ""
 email_domains = [
  "example.com",
 ]