From cb861223ea6f0f53c5349ee06bc720ba2c452709 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Fri, 24 Feb 2023 22:18:50 +0100
Subject: [PATCH] take vault password from secret service

---
 ansible.cfg                   |  6 +++++-
 util/secret-service-client.sh | 10 ++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 util/secret-service-client.sh

diff --git a/ansible.cfg b/ansible.cfg
index dedca3f..b598c64 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,9 @@
 [defaults]
 # (pathspec) Colon separated paths in which Ansible will search for Roles.
 roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
-vault_password_file=./.vault_password
 inventory=inventory
+vault_password_file=util/secret-service-client.sh
+interpreter_python=/usr/bin/python3
+
+[diff]
+always = True
diff --git a/util/secret-service-client.sh b/util/secret-service-client.sh
new file mode 100644
index 0000000..37c9a82
--- /dev/null
+++ b/util/secret-service-client.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+pass=`secret-tool lookup ansible_vault homeservers`
+retval=$?
+
+if [ $retval -ne 0 ]; then
+	echo Provide password:
+	read -s pass
+fi
+echo $pass