---
# Production Secrets Vault
# IMPORTANT: This file must be encrypted with ansible-vault
#
# Encrypt this file:
#   ansible-vault encrypt deployment/ansible/secrets/production-vault.yml
#
# Edit encrypted file:
#   ansible-vault edit deployment/ansible/secrets/production-vault.yml
#
# Decrypt file (for debugging only, never commit decrypted):
#   ansible-vault decrypt deployment/ansible/secrets/production-vault.yml
#
# Use in playbook:
#   ansible-playbook playbooks/setup-production-secrets.yml --ask-vault-pass

# Database Credentials
vault_db_name: framework_production
vault_db_user: framework_app
vault_db_password: CHANGE_ME_STRONG_DB_PASSWORD_HERE

# Redis Credentials
vault_redis_password: CHANGE_ME_STRONG_REDIS_PASSWORD_HERE

# Application Secrets
vault_app_key: CHANGE_ME_BASE64_ENCODED_32_BYTE_KEY
vault_jwt_secret: CHANGE_ME_STRONG_JWT_SECRET_HERE

# Docker Registry Credentials
vault_registry_url: git.michaelschiemer.de:5000
vault_registry_user: deploy
vault_registry_password: CHANGE_ME_REGISTRY_PASSWORD_HERE

# Security Configuration
vault_admin_allowed_ips: "127.0.0.1,::1,94.16.110.151"

# SMTP Configuration (optional)
vault_smtp_host: smtp.example.com
vault_smtp_port: 587
vault_smtp_user: noreply@michaelschiemer.de
vault_smtp_password: CHANGE_ME_SMTP_PASSWORD_HERE