Ansible/docs/3-vault.md

Vault

Before you get started, you will need to create one master secret:

tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' </dev/urandom | head -c 13; echo

or use any password generator from your favorite password manager.

Keep this secret in a safe place, as it will be used to encrypt and decrypt your vault.

Two files in ./vault are used to store sensitive data:

  • user_provisioning contains default and maintainer user credentials
  • secrets contains the ansible root password and the k3s secret token

They are formatted as follows:

# vault/user_provisioning
vault_atmen_password: <atmen_password>
vault_maintainer_user: <maintainer_user>
vault_maintainer_password: <maintainer_password>

# vault/secrets
ansible_become_password: <atmen_password>
token: <k3s_token>

Note

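To avoid pasting your vault password every time, you can create a .vault_pass file in the root directory with the vault password. Because that file holds the master secret in plain text, restrict it to your own user (chmod 600) and keep it out of version control.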
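
A pre-commit style check for the layout described above, as an added example that is not part of this repository. It assumes the two files under ./vault are meant to be stored ansible-vault encrypted and that .vault_pass, if used, sits in the repository root; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not part of the repository: checks the vault layout described
# above before a commit. Paths are relative to the repository root.

# Succeeds if the first line of file $1 is an ansible-vault header.
is_vault_encrypted() {
    local first=""
    [ -f "$1" ] || return 1
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case "$first" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if file $1 grants no permissions to group or others.
# The mode string from ls is e.g. "-rw-------"; characters 5-10 must be dashes.
is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Checks repository root $1 (default: current directory). Returns 1 on a finding.
check_vault_repo() {
    local root="${1:-.}"
    local rc=0 f
    for f in vault/user_provisioning vault/secrets; do
        if ! is_vault_encrypted "$root/$f"; then
            echo "FAIL: $f is missing or not ansible-vault encrypted" >&2
            rc=1
        fi
    done
    # .vault_pass is optional, but if present it holds the master secret in clear.
    if [ -e "$root/.vault_pass" ] && ! is_private "$root/.vault_pass"; then
        echo "FAIL: .vault_pass is accessible to group/others; run chmod 600" >&2
        rc=1
    fi
    return "$rc"
}
```

Source the file and call `check_vault_repo .` from the repository root, for example from a pre-commit hook, and block the commit on a non-zero return.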