sjat/boma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
boma/scripts
History
sjat 4ee1b66e23 Source vault password from Vaultwarden via rbw; nest vault structure 
Master vault password is fetched from Vaultwarden via the rbw agent
(scripts/vault-pass-client.sh, wired as vault_password_file) instead of a
plaintext .vault_pass. Vault secrets use a nested vault.<service>.<key> map.
Encrypted vault.yml files are excluded from lint. Includes the host rename in
Makefile and STATUS.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 18:16:35 +02:00
..
check-vault-encrypted.sh Add core Ansible scaffold, tooling, and pre-commit guards 2026-05-30 14:10:01 +02:00
README.md Add core Ansible scaffold, tooling, and pre-commit guards 2026-05-30 14:10:01 +02:00
tf_to_inventory.py Add core Ansible scaffold, tooling, and pre-commit guards 2026-05-30 14:10:01 +02:00
vault-pass-client.sh Source vault password from Vaultwarden via rbw; nest vault structure 2026-05-30 18:16:35 +02:00

README.md

scripts/

Small helper scripts. Python standard library only — no third-party dependencies (keeps them runnable anywhere without a venv).

  • tf_to_inventory.py — reads terraform output -json on stdin and writes an Ansible hosts.yml. Invoked by make tf-inventory. Data contract: ADR-009.