ref: Remove vault-password static file from repo

Instead of having the file statically (and plain-text) in the repo itself, we simply query `pass` for it instead. Slightly cumbersome syntax since ansible (afaik) does not allow a similar easy variable-enabled lookup as for become passwords, so we also whipped it into a justfile to not have to type it each time. The command line uses cat to receive the password as a 'file' on stdin.
2025-11-18 16:57:39 +01:00 · 2025-11-18 16:57:39 +01:00 · 0de79fc1d2
commit 0de79fc1d2
parent e6194e35bf
2 changed files with 2 additions and 2 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,5 +1,3 @@
 [defaults]
 remote_tmp = /tmp
 inventory = inventory
-
-vault_password_file = vaultpass
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+deploy:
+    pass show hosting/ansible/bob/vault-password | ansible-playbook --vault-password-file=/bin/cat site.yaml