---
# =============================================================================
# Deploy Linux VM Role - Vault Variables Example
# =============================================================================
# This file shows the structure for vault-encrypted variables.
#
# SECURITY INSTRUCTIONS:
# 1. Copy this file to your secrets directory or group_vars/all/vault.yml
# 2. Update the values with your actual secrets
# 3. Encrypt the file using ansible-vault:
#    ansible-vault encrypt group_vars/all/vault.yml
# 4. NEVER commit unencrypted secrets to version control
#
# Alternative: Use external secret managers:
# - HashiCorp Vault
# - AWS Secrets Manager
# - Azure Key Vault
# - CyberArk
# =============================================================================

# -----------------------------------------------------------------------------
# Ansible User SSH Key
# -----------------------------------------------------------------------------
# SSH public key for the ansible user
# Generate with: ssh-keygen -t ed25519 -C "ansible-automation"
vault_deploy_linux_vm_ansible_user_ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ansible@automation"

# -----------------------------------------------------------------------------
# Root Password
# -----------------------------------------------------------------------------
# Root password for emergency console access
# Generate strong password with: openssl rand -base64 32
# This should be different for each environment (dev/staging/prod)
vault_deploy_linux_vm_root_password: "SuperSecurePassword!2024"

# -----------------------------------------------------------------------------
# Optional: Additional Secrets
# -----------------------------------------------------------------------------
# vault_deploy_linux_vm_api_key: "your-api-key-here"
# vault_deploy_linux_vm_registry_password: "container-registry-password"