talas-group/04_INFRA_DEPLOIEMENT/Ansible/roles/postgres-explain-visualizer/tasks/secrets.yml
senke 66471934af Initial commit: Talas Group project management & documentation
Knowledge base of ~80+ markdown files across 14 domains (00-13),
Logseq graph, hardware design files (KiCAD), infrastructure configs,
and talas-wiki static site.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 20:10:41 +02:00


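---
# file: roles/postgres-explain-visualizer/tasks/secrets.yml
#
# Resolve the variable named by `secret` for the current host: read it from
# this host's entry in the cosium-kv Vault mount, or, if that read fails,
# generate a 50-character password, write it to the same entry and use it.
# `secret` and `host_vars_location` are not defined in this file; the caller
# must provide them.
- name: "handle secret {{ secret }}"
  # Every task below carries the secret value in its arguments or its result;
  # keep it out of play output, callbacks and logs.
  no_log: true
  block:
    - name: "get {{ secret }} from hashicorp vault"
      set_fact:
        "{{ secret }}": "{{ lookup('hashi_vault', 'secret=cosium-kv/data/' + host_vars_location + '/' + ansible_hostname)[secret] }}"
  rescue:
    # NOTE(review): rescue runs on any failure of the lookup above (missing
    # key, but also an authentication or connectivity error). Confirm that
    # generating and storing a new value is the intended reaction in every one
    # of those cases.
    - name: "generate a random password for {{ secret }}"
      set_fact:
        # /dev/null as the path makes the lookup return a fresh value without
        # persisting it on the controller.
        password: "{{ lookup('password','/dev/null chars=ascii_letters,digits length=50') }}"
    - name: "patching hashicorp vault with generated {{ secret }}"
      delegate_to: localhost
      become: false
      command:
        # argv avoids word-splitting of the templated values. The value is
        # sent on stdin ("key=-") so it never appears in the process list or
        # in the logged command line of the controller.
        argv:
          - vault
          - kv
          - patch
          - "cosium-kv/{{ host_vars_location }}/{{ ansible_hostname }}"
          - "{{ secret }}=-"
        stdin: "{{ password }}"
        # Store exactly the generated characters, without a trailing newline.
        stdin_add_newline: false
    - name: "assign password value to {{ secret }}"
      set_fact:
        "{{ secret }}": "{{ password }}"
  tags: pev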