chore: add readme entry and configration for openbao secrets management

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-27 16:46:18 +01:00 · 2026-03-27 16:46:18 +01:00 · bd85fdfe91
commit bd85fdfe91
parent 2c1c01a2d7
4 changed files with 23 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -15,3 +15,4 @@
 # Ansible
 /collections/ansible_collections/
 .vagrant/
+bao
--- a/README.md
+++ b/README.md
@ -1 +1,17 @@
 # reference-ansible
+
+
+
+### Secrets
+Secrets are managed using [OpenBao](https://bao.digitalboard.ch).
+Download the CLI binary once (not checked in):
+```bash
+curl -L https://github.com/openbao/openbao/releases/latest/download/bao_linux_amd64 -o ./bao && chmod +x ./bao
+```
+
+Authenticate and export token before running playbooks:
+```bash
+export BAO_ADDR=https://bao.digitalboard.ch
+./bao login -method=oidc -path=Digitalboard
+export VAULT_TOKEN=$(./bao print token)
+``` 
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,3 +1,7 @@
 [defaults]
 collections_path = ./collections:~/.ansible/collections:/usr/share/ansible/collections
 remote_user = root
+
+[hashi_vault_collection]
+url = https://bao.digitalboard.ch
+auth_method = token
--- a/requirements.yml
+++ b/requirements.yml
@ -1,4 +1,5 @@
 collections:
+  - name: community.hashi_vault
  - name: https://git.digitalboard.ch/Digitalboard/digitalboard.core.git
    type: git
    version: main