Replace inline credentials with Infisical pointers
+2
-2
@@ -29,7 +29,7 @@ Source of truth: `roles/infisical/defaults/main.yml` in the ansible repo. Re-dep
|
||||
| `infisical_image` | `infisical/infisical:latest-postgres` | Standalone all-in-one image (API + frontend) |
|
||||
| `infisical_subdomain` | `infisical` | Becomes `infisical.dohertylan.com` |
|
||||
| `infisical_db_user` / `_db_name` | `infisical` / `infisical` | Internal-only — not exposed past the compose network |
|
||||
| `infisical_db_password` | `Sonamu89_infisical_db` | dev convention; rotate via group_vars/vault if repo ever leaves the LAN |
|
||||
| `infisical_db_password` | `[Infisical: homelab/apps/infisical/DB_PWD]` | Plaintext also lives in `roles/infisical/defaults/main.yml` (chicken-and-egg: the playbook must hold the value to deploy Infisical from scratch) |
|
||||
| `infisical_encryption_key` | 32 hex chars | **Do not change after data exists** — used to envelope-encrypt secrets at rest. Changing it makes existing secrets unrecoverable; use Infisical's key-rotation flow if you need to rotate |
|
||||
| `infisical_auth_secret` | random base64 | JWT signing key |
|
||||
| `infisical_telemetry_enabled` | `false` | Anonymous telemetry opted out |
|
||||
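Review bot: the `infisical_db_password` row change removes the value from this table only. The new description itself says the plaintext still lives in `roles/infisical/defaults/main.yml`, and the old value remains readable in this file's history, so the credential should be treated as disclosed and rotated as part of this change rather than just re-pointed. The removed row also carried the only rotation guidance ("rotate via group_vars/vault if repo ever leaves the LAN") and the replacement drops it. Suggest keeping a short rotation note in the description, and encrypting the bootstrap copy in the role defaults (for example with the group_vars/vault approach the old row mentioned) so that the chicken-and-egg value is not stored in the clear.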
@@ -41,7 +41,7 @@ Three equivalent paths:
|
||||
```bash
|
||||
# Via Semaphore UI (or API): http://10.100.0.35:3000 → template "Deploy Full Stack"
|
||||
curl -s -c - http://localhost:3000/api/auth/login -X POST -H 'Content-Type: application/json' \
|
||||
-d '{"auth":"dohertj2","password":"Sonamu89"}' | grep semaphore | awk '{print $NF}' \
|
||||
-d '{"auth":"dohertj2","password":"<semaphore-admin-pwd>"}' | grep semaphore | awk '{print $NF}' \
|
||||
| xargs -I{} curl -s -b "semaphore={}" -X POST http://localhost:3000/api/project/1/tasks \
|
||||
-H 'Content-Type: application/json' -d '{"template_id":8,"project_id":1}'
|
||||
|
||||
|
||||
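Review bot: on the replaced `-d` line, the placeholder `<semaphore-admin-pwd>` does not say where the value is stored, unlike the `infisical_db_password` row in the first hunk, which gives an Infisical path. Suggest naming the Infisical location in the comment above the command so the reader knows where to fetch it. As written, the reader also has to paste the password into the `curl` arguments, where it ends up in shell history and the process list. Reading it from an environment variable or a prompt would avoid that. The removed password is still in this file's history and shares its stem with the DB password removed in the first hunk, so both should be rotated to unrelated values.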