feat(infra): vault.yml mit generierten Passwörtern

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-24 22:36:38 +02:00 · 2026-03-15 15:35:21 +01:00 · 2026-03-15 15:35:21 +01:00 · 7339ae000b
commit 7339ae000b
parent 39e5367916
1 changed files with 32 additions and 0 deletions
--- a/repos/INSIGHT-Infra/ansible/vault.yml
+++ b/repos/INSIGHT-Infra/ansible/vault.yml
@ -0,0 +1,32 @@
+---
+# vault.yml — INSIGHT Secrets
+# Passwörter für PostgreSQL, PgBouncer und Redis
+# Dieses File liegt nur im lokalen Forgejo — niemals in öffentliche Repos!
+
+# PostgreSQL User
+postgresql_users:
+  - name: insight_app
+    password: "fnVQN*jjyY4F&#9yf*1LY116#bhCeplm"
+    role_attr_flags: "LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE"
+  - name: pgbouncer
+    password: "vaUIttUg!iR3buSMehN^S7GAH!m!xYq4"
+    role_attr_flags: "LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE"
+
+# PostgreSQL Grants
+postgresql_grants:
+  - db: insight_core
+    role: insight_app
+    privs: "ALL"
+  - db: insight_crm
+    role: insight_app
+    privs: "ALL"
+
+# PgBouncer Auth
+pgbouncer_users:
+  - name: insight_app
+    password: "fnVQN*jjyY4F&#9yf*1LY116#bhCeplm"
+  - name: pgbouncer
+    password: "vaUIttUg!iR3buSMehN^S7GAH!m!xYq4"
+
+# Redis
+redis_password: "gIIicbZ8T@8gfRVEmYzVEG2sGb24&Hy4"