michaelschiemer/deployment/ansible/secrets/production.vault.yml.example

---
# Ansible Vault Example
# Copy this file to production.vault.yml and encrypt with:
# ansible-vault encrypt production.vault.yml

# Database Credentials
vault_db_password: "change-me-secure-db-password"
vault_db_root_password: "change-me-secure-root-password"

# Application Stack Credentials
# Required: used for the application stack (.env) and injected into PHP containers
vault_redis_password: "change-me-secure-redis-password"

# Application Secrets
# Required: base64 encoded 32 byte key used for APP_KEY
vault_app_key: "change-me-base64-encoded-32-byte-key"
vault_jwt_secret: "change-me-jwt-signing-secret"

# Mail Configuration
vault_mail_password: "change-me-mail-password"

# Docker Registry Credentials
vault_docker_registry_username: "gitea-user"
vault_docker_registry_password: "change-me-registry-password"

# Git Repository Credentials (for code cloning in containers)
# Option 1: Use Personal Access Token (recommended)
vault_git_token: "change-me-gitea-personal-access-token"
# Option 2: Use username/password (less secure)
# vault_git_username: "your-gitea-username"
# vault_git_password: "your-gitea-password"

# Gitea Admin Credentials (for initial setup)
# Required for automated Gitea initial configuration
vault_gitea_admin_username: "admin"
vault_gitea_admin_password: "change-me-secure-gitea-admin-password"
vault_gitea_admin_email: "kontakt@michaelschiemer.de"

# Gitea Redis Credentials
# Required for Redis cache, sessions, and queue
vault_gitea_redis_password: "change-me-secure-gitea-redis-password"

# Optional: Additional Secrets
vault_encryption_key: "change-me-encryption-key"
vault_session_secret: "change-me-session-secret"

# Monitoring Stack Credentials
vault_grafana_admin_password: "change-me-secure-grafana-password"
vault_prometheus_password: "change-me-secure-prometheus-password"

# MinIO Object Storage Credentials
vault_minio_root_user: "minioadmin"
vault_minio_root_password: "change-me-secure-minio-password"