You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The roles in this repo treat the place they're being run from as a pet. They do a lot of delegate_to: localhost for generating/storing files, and the roles themselves tend to have inputs as paths on the machine running the ansible-playbook command.
It would be preferable to pass everything in as a role input, as this would prevent accidentally committing secrets to git. This would require more initial setup work by anyone looking to use the role in their infrastructure to ensure they call the role correctly, as well as generate secrets and store them.
Passing things in as a role input would provide for the flexibility to fetch values from a secure secret storage mechanism as they would all be subject to jinja2 templating etc.
The text was updated successfully, but these errors were encountered:
Issue
The roles in this repo treat the place they're being run from as a pet. They do a lot of
delegate_to: localhostfor generating/storing files, and the roles themselves tend to have inputs as paths on the machine running the ansible-playbook command.It would be preferable to pass everything in as a role input, as this would prevent accidentally committing secrets to git. This would require more initial setup work by anyone looking to use the role in their infrastructure to ensure they call the role correctly, as well as generate secrets and store them.
Passing things in as a role input would provide for the flexibility to fetch values from a secure secret storage mechanism as they would all be subject to jinja2 templating etc.
The text was updated successfully, but these errors were encountered: