diff --git a/content/posts/ansible-vault-bitwarden.md b/content/posts/ansible-vault-bitwarden.md index efc08c9..bbd686a 100644 --- a/content/posts/ansible-vault-bitwarden.md +++ b/content/posts/ansible-vault-bitwarden.md @@ -107,6 +107,6 @@ Yes, absolutely! Because Bitwarden stores its vault encrypted until it's needed, and cached locally, the vault password is never stored in plaintext anywhere. It also means that because the secret is no longer in a (`gitignore`-d) file in the repository, there's less chance of accidentally committing it and publishing all your secrets to the world (which I totally have [never done](https://github.com/RealOrangeOne/infrastructure/commit/7eaf608e3cfa363e426d101385c18be1c583eab5)). Additionally, there's no longer a separate file to sync outside the repository. Just clone the repository, and so long as I have the Bitwarden CLI configured, the credentials will flow. -Shout out to [AdventurousWay](https://www.adventurousway.com/) for giving me the idea for this, and showing that the `vault_password_file` doesn't have to contain the secret, but can also be [an executable](https://github.com/adventurousway/infrastructure/blob/main/vault_password_file.sh). +Shout out to [AdventurousWay](https://www.adventurousway.com/) for giving me the idea for this, and showing that the `vault_password_file` doesn't have to contain the secret, but can also be [an executable](https://github.com/adventurousway/infrastructure/blob/b4061bba02d17668f88a0deeef7d8a14aff81f0b/scripts/vault_password_file.sh). Unfortunately, I haven't fully solved my problem. Ansible is made easier, but I still have some `gitignore`-d secrets for my Terraform configuration. Terraform doesn't appear to have any easy integrations quite as nice as this for resolving secrets. Depending on how annoying that gets, Hashicorp Vault may be in my future... If you know of a better solution, please, [let me know]({{}})!
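Review bot: The commit-pinned URL on the `+` line freezes readers on one revision of a third-party script that handles the vault password, and the link text "an executable" does not say so. Pinning is the right fix for the path having moved from the repository root to `scripts/`, but consider marking the link as a snapshot (for example "an executable (as of this commit)") so that anyone adapting it checks the upstream repository for later changes. Separately, the last context line of the hunk ends in `[let me know]({{}})`; if that empty shortcode is really in the file and not a rendering artifact of this diff view, the link target is blank and should be restored.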