2026-05-30 14:10:01 +02:00
|
|
|
# scripts/
|
|
|
|
|
|
|
|
|
|
Small helper scripts. **Python standard library only** — no third-party
|
|
|
|
|
dependencies (keeps them runnable anywhere without a venv).
|
|
|
|
|
|
|
|
|
|
- `tf_to_inventory.py` — reads `terraform output -json` on stdin and writes an
|
|
|
|
|
Ansible `hosts.yml`. Invoked by `make tf-inventory`. Data contract: **ADR-009**.
|
2026-05-30 19:10:58 +02:00
|
|
|
- `vault-pass-client.sh` — fetches the master vault password from Vaultwarden via
|
|
|
|
|
`rbw`. Wired as `vault_password_file` (ADR-002).
|
|
|
|
|
- `check-vault-encrypted.sh` — pre-commit guard: fails if a `vault.yml` holds
|
|
|
|
|
plaintext secrets.
|
|
|
|
|
- `repo-scan.py` — Phase-0 deterministic scan for `/review-repo` (markers, broken
|
|
|
|
|
refs, unencrypted vaults, inventory).
|