debops.secret role enables you to have a separate directory on the Ansible
Controller (different than the playbook directory and inventory directory)
which can be used as a handy "workspace" for other roles.
Some usage examples of this role in DebOps include:
- password lookups, either from current role, or using known location of
passwords from other roles, usually dependencies (for example
debops.mariadbrole can manage an user account in the database with random password and other role can lookup that password to include in a generated configuration file);
- secure file storage, for example for application keys generated on remote
debops.boxbackuprole retrieves client keys for backup purposes), for that reason secret directory should be protected by an external means, for example encrypted filesystem (currently there is no encryption provided by default);
- secure workspace (
debops.boxbackuprole, again, uses the secret directory to create and manage Root CA for backup servers – client and server certificates are automatically downloaded to Ansible Controller, signed and uploaded to destination hosts);
- simple centralized backup (specific roles like
debops.monkeyspherehave separate task lists that are invoked by custom playbooks to allow backup and restoration of ssh host keys and SSL certificates. Generated .tar.gz files are kept on Ansible Controller in secret directory).
debops.secret - Manage sensitive data in the filesystem Copyright (C) 2013-2016 Maciej Delmanowski <email@example.com> Copyright (C) 2014-2016 DebOps <https://debops.org/> SPDX-License-Identifier: GPL-3.0-only This Ansible role is part of DebOps. DebOps is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 3, as published by the Free Software Foundation. DebOps is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with DebOps. If not, see https://www.gnu.org/licenses/.