File tree Expand file tree Collapse file tree 1 file changed +17
-1
lines changed Expand file tree Collapse file tree 1 file changed +17
-1
lines changed Original file line number Diff line number Diff line change 33 gather_facts : false
44 vars :
55 wazuh_secrets_path : " {{ kayobe_env_config_path }}/wazuh-secrets.yml"
6+ override_special_characters : ' "#$%&()*+,-./:;<=>?@[\]^_{|}~'
67 tasks :
78 - name : install passlib[bcrypt]
89 pip :
1920 path : " {{ wazuh_secrets_path }}"
2021 register : waz_exist_result
2122
23+ - name : Check if secret is encrypted
24+ block :
25+ - name : Try to decrypt secret
26+ no_log : True
27+ copy :
28+ content : " {{ lookup('ansible.builtin.file', wazuh_secrets_path) | ansible.builtin.vault(ansible_vault_password) }}"
29+ dest : " {{ wazuh_secrets_path }}"
30+ decrypt : True
31+ vars :
32+ ansible_vault_password : " {{ lookup('ansible.builtin.env', 'KAYOBE_VAULT_PASSWORD') }}"
33+ rescue :
34+ - name : Secrets already decrypted
35+ ansible.builtin.debug :
36+ msg : ' Secret was already decrypted'
37+ when : waz_exist_result.stat.exists
38+
2239 - name : Template new secrets
2340 no_log : True
2441 template :
3451 decrypt : false
3552 vars :
3653 ansible_vault_password : " {{ lookup('ansible.builtin.env', 'KAYOBE_VAULT_PASSWORD') }}"
37- when : not waz_exist_result.stat.exists
You can’t perform that action at this time.
0 commit comments