125 lines
4.2 KiB
Plaintext
125 lines
4.2 KiB
Plaintext
# Ansible Vault Secrets File
|
|
# Copy to vault.yml and encrypt with: ansible-vault encrypt vault.yml
|
|
#
|
|
# All secrets should be prefixed with vault_ and encrypted.
|
|
# Service variables in vars.yml or host_vars reference these with:
|
|
# service_password: "{{ vault_service_password }}"
|
|
|
|
# PostgreSQL
|
|
vault_postgres_password: changeme
|
|
|
|
# Service Database Passwords
|
|
vault_arke_db_password: changeme
|
|
vault_casdoor_db_password: changeme
|
|
vault_periplus_db_password: changeme
|
|
vault_mcp_switchboard_db_password: changeme
|
|
vault_openwebui_db_password: changeme
|
|
vault_spelunker_db_password: changeme
|
|
|
|
# Neo4j
|
|
vault_neo4j_auth_password: changeme
|
|
vault_mnemosyne_neo4j_auth_password: changeme
|
|
|
|
# RabbitMQ
|
|
vault_rabbitmq_password: changeme
|
|
vault_kairos_rabbitmq_password: changeme
|
|
vault_spelunker_rabbitmq_password: changeme
|
|
vault_mcp_switchboard_rabbitmq_password: changeme
|
|
|
|
# Caliban
|
|
# Note: VNC passwords are limited to 8 characters maximum
|
|
vault_caliban_x11vnc_password: caliban
|
|
|
|
# Casdoor
|
|
vault_casdoor_auth_state: changeme
|
|
vault_casdoor_radius_secret: changeme
|
|
vault_casdoor_s3_endpoint: changeme
|
|
vault_casdoor_s3_access_key: changeme
|
|
vault_casdoor_s3_secret_key: changeme
|
|
vault_casdoor_s3_bucket: changeme
|
|
vault_casdoor_app_client_secret: changeme
|
|
vault_casdoor_admin_password: changeme
|
|
vault_casdoor_hostmaster_password: changeme
|
|
|
|
# Gitea
|
|
vault_gitea_db_password: changeme
|
|
vault_gitea_secret_key: changeme
|
|
vault_gitea_lfs_jwt_secret: changeme
|
|
vault_gitea_metrics_token: changeme
|
|
vault_gitea_oauth_client_id: changeme
|
|
vault_gitea_oauth_client_secret: changeme
|
|
|
|
# OpenWebUI
|
|
vault_openwebui_secret_key: changeme
|
|
vault_openwebui_openai_api_key: changeme
|
|
vault_openwebui_anthropic_api_key: changeme
|
|
vault_openwebui_groq_api_key: changeme
|
|
vault_openwebui_mistral_api_key: changeme
|
|
vault_openwebui_oauth_client_id: changeme
|
|
vault_openwebui_oauth_client_secret: changeme
|
|
|
|
# MCP Switchboard
|
|
vault_mcp_switchboard_secret_key: changeme
|
|
|
|
# SearXNG
|
|
vault_searxng_secret_key: changeme
|
|
vault_searxng_brave_api_key: changeme
|
|
|
|
# PgAdmin
|
|
vault_pgadmin_email: admin@example.com
|
|
vault_pgadmin_password: changeme
|
|
|
|
# Grafana
|
|
vault_grafana_admin_name: Admin
|
|
vault_grafana_admin_login: admin
|
|
vault_grafana_admin_password: changeme
|
|
vault_grafana_viewer_name: Viewer
|
|
vault_grafana_viewer_login: viewer
|
|
vault_grafana_viewer_password: changeme
|
|
|
|
# Pushover (Alertmanager notifications)
|
|
vault_pushover_user_key: changeme
|
|
vault_pushover_api_token: changeme
|
|
|
|
# GitHub MCP
|
|
vault_github_personal_access_token: changeme
|
|
|
|
# MCP Authentication Tokens
|
|
vault_angelia_mcp_auth: changeme
|
|
vault_athena_mcp_auth: changeme
|
|
vault_kairos_mcp_auth: changeme
|
|
|
|
# Athena
|
|
vault_athena_secret_key: changeme
|
|
vault_athena_db_password: changeme
|
|
vault_athena_oauth_client_id: changeme
|
|
vault_athena_oauth_client_secret: changeme
|
|
|
|
# Arke NTTh API Tokens
|
|
vault_ntth_token_1_app_secret: changeme
|
|
vault_ntth_token_2_app_secret: changeme
|
|
vault_ntth_token_3_app_secret: changeme
|
|
vault_ntth_token_4_app_secret: changeme
|
|
|
|
# Kottos (Pallas FastAgent runtime on puck)
|
|
# vault_kottos_openai_api_key — API key for the OpenAI-compatible LLM
|
|
# endpoint (nyx Qwen in Ouranos, varies
|
|
# per environment). Set to any string
|
|
# if the endpoint doesn't validate.
|
|
# vault_kottos_github_pat — GitHub personal access token passed
|
|
# into the github MCP Docker container
|
|
# via GITHUB_PERSONAL_ACCESS_TOKEN env.
|
|
# vault_kottos_angelia_bearer — Bearer token for the Angelia MCP
|
|
# server (accepts the outgoing auth).
|
|
# vault_kottos_mnemosyne_jwt — Long-lived team JWT minted in the
|
|
# Daedalus admin UI → Settings →
|
|
# Pallas Instances → kottos row →
|
|
# "Reveal" or "Rotate". Mnemosyne
|
|
# validates this on every search_memory
|
|
# call and scopes results to the
|
|
# workspaces attached to this team.
|
|
vault_kottos_openai_api_key: changeme
|
|
vault_kottos_github_pat: changeme
|
|
vault_kottos_angelia_bearer: changeme
|
|
vault_kottos_mnemosyne_jwt: changeme
|