Refactor the vault/secrets

2026-02-06 21:41:42 +01:00 · 2026-02-06 21:41:42 +01:00 · 28f2e9a33a
commit 28f2e9a33a
parent 11c339ce92
32 changed files with 144 additions and 83 deletions
--- a/playbooks/roles/lgtm_stack/defaults/main.yml
+++ b/playbooks/roles/lgtm_stack/defaults/main.yml
@ -6,6 +6,8 @@ lgtm_stack_loki_domain: "{{ all_services | service_get_domain('loki') }}"

 lgtm_stack_alloy_jobs: "{{ all_services | services_to_alloy() }}"

+lgtm_stack_grafana_secret_key: "{{ undef() }}"
+

 lgtm_stack_svc:
  domain: "{{ lgtm_stack_domain }}"
@ -35,7 +37,7 @@ lgtm_stack_env:

  GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION: true
  GF_SECURITY_ADMIN_USER: "{{ admin_email }}"
-  GF_SECURITY_SECRET_KEY: "{{ vault_lgtm_stack.grafana.secret_key }}"
+  GF_SECURITY_SECRET_KEY: "{{ lgtm_stack_grafana_secret_key | mandatory }}"
  GF_SECURITY_COOKIE_SECURE: true
  GF_SECURITY_COOKIE_SAMESITE: "strict"