--- # task/load_credentials_vars file for hashistack - name: "Variables | Stat credentials file" ansible.builtin.stat: path: "{{ hashistack_sub_configuration_directories['secrets'] }}/{{ hashistack_configuration_credentials_vars_file }}" register: _credentials_file delegate_to: localhost - name: "Variables | Stat vault credentials file" ansible.builtin.stat: path: "{{ hashistack_sub_configuration_directories['secrets'] }}/vault.yml" register: _vault_credentials_file delegate_to: localhost - name: "Variables | Make sure credentials file exists" ansible.builtin.assert: that: - _credentials_file.stat.exists fail_msg: >- Credentials file {{ _credentials_file.stat.path }} was not found, cannot continue without it. delegate_to: localhost - name: "Variables | Load credentials variables" ansible.builtin.include_vars: dir: "{{ hashistack_sub_configuration_directories['secrets'] }}" files_matching: "{{ hashistack_configuration_credentials_vars_file }}" depth: 1 name: _credentials delegate_to: localhost - name: "Variables | Load vault credentials if vault.yml exists" ansible.builtin.include_vars: dir: "{{ hashistack_sub_configuration_directories['secrets'] }}" files_matching: "vault.yml" depth: 1 name: _vault_credentials when: _vault_credentials_file.stat.exists delegate_to: localhost - name: "Variables | Merge vault credentials into _credentials" vars: _config_to_merge: vault: "{{ _vault_credentials }}" ansible.builtin.set_fact: _credentials: "{{ _credentials | combine(_config_to_merge, recursive=true) }}" when: _vault_credentials_file.stat.exists delegate_to: localhost