Loads secrets from berglas and makes them available as a variable. See //kube/secrets for more details on berglas and Skia secrets.
The secrets are stored as a single file, secrets.yml, in berglas secrets for the cluster etc and the secret name ansible-secret-vars.
You can see this secret in the list of all secrets for the etc cluster:
$ ./kube/secrets/list-secrets-by-cluster.sh etc authorized_keys ansible-secret-vars
To edit the secrets run:
kube/secrets/edit-secret.sh etc ansible-secret-vars
You can now edit the secrets stored in the file at /tmp/ramdisk/secrets.yml.
Add new secrets as key: value pairs of the top level secrets dictionary.
The only secret in the file today is skolo_password.
The secrets.yml is only put in a temp file long enough to be loaded into an Ansible variable, then the temp file is removed by the clean_up_tempfile handler.
- hosts: jumphosts
gather_facts: False
roles:
- load-secret-vars
tasks:
- name: Debug
delegate_to: 127.0.0.1
debug:
msg: 'Password: {{ secrets.skolo_password }}'