Allow making use of Ansible-vault to encrypt and decrypt sensitive certs and keys (#95)

IzakEygelaar · gdzien · commit f79e6d021024 · 2019-02-01T18:59:56.000Z
* Allow making use of Ansible-vault to encrypt sensitive certs and keys
diff --git a/tasks/conf/upload-config.yml b/tasks/conf/upload-config.yml
@@ -68,6 +68,8 @@
   copy:
     src: "{{ item }}"
     dest: "{{ nginx_ssl_crt_upload_dest }}"
+    mode: 0640
+    decrypt: yes
     backup: yes
   with_fileglob: "{{ nginx_ssl_crt_upload_src }}"
   when: nginx_ssl_upload_enable
@@ -76,6 +78,8 @@
   copy:
     src: "{{ item }}"
     dest: "{{ nginx_ssl_key_upload_dest }}"
+    mode: 0640
+    decrypt: yes
     backup: yes
   with_fileglob: "{{ nginx_ssl_key_upload_src }}"
   when: nginx_ssl_upload_enable
diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml
@@ -8,6 +8,7 @@
   copy:
     src: "{{ item }}"
     dest: /etc/ssl/nginx
+    decrypt: yes
   with_items:
     - "{{ nginx_license.certificate }}"
     - "{{ nginx_license.key }}"
