Refactor the vault/secrets

2026-02-06 21:41:42 +01:00 · 2026-02-06 21:41:42 +01:00 · 28f2e9a33a
commit 28f2e9a33a
parent 11c339ce92
32 changed files with 144 additions and 83 deletions
--- a/playbooks/roles/authentik/defaults/main.yml
+++ b/playbooks/roles/authentik/defaults/main.yml
@ -1,4 +1,6 @@
 ---
+authentik_secret_key: "{{ undef() }}"
+
 authentik_svc:
  domain: "{{ all_services | service_get_domain(role_name) }}"
  port: 9000
@ -11,7 +13,7 @@ authentik_svc:
    database: "{{ opentofu.postgresql_data.authentik.database }}"

 authentik_env:
-  AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}"
+  AUTHENTIK_SECRET_KEY: "{{ authentik_secret_key | mandatory }}"

  AUTHENTIK_EMAIL__HOST: "{{ mailer.host }}"
  AUTHENTIK_EMAIL__PORT: "{{ mailer.port }}"