litellm: pull /meridian secrets in-playbook from Infisical (runner-agnostic)

Replaces the deploy.sh env-var hand-off (which only worked locally and would
have made Semaphore write placeholder keys, regressing direct_*) with the
standard in-playbook Infisical pull used by dawarich/mcp/cloudflared:

- site.yml pre_tasks: login via the shared 828d2cc8 machine identity, read
  /meridian as_dict, set_fact litellm_master_key + the openai/gemini keys.
- vars/vault.yml: shared ansible-vault client secret (copied from sibling repo).
- requirements.yml: + infisical.vault.
- deploy.sh: drop the infisical-CLI pulls; add --ask-vault-pass.

Same secret path for Semaphore and local — no per-template env wiring. Deploy
prereqs: attach the ansible-vault password to Semaphore template 27, and ensure
the 828d2cc8 identity can read /meridian (env prod).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Your Name
2026-06-05 13:00:54 -04:00
parent a39323db70
commit 02c2f4ee2d
5 changed files with 84 additions and 49 deletions
+1
@@ -2,3 +2,4 @@
collections:
- name: community.general
- name: ansible.posix
- name: infisical.vault
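Review bot: the added `- name: infisical.vault` entry at the end of the collections list has no `version:` key, so every install on a runner resolves whatever release is current at that moment. Per the commit message this collection performs the machine-identity login and reads /meridian, so it sits directly in the secret path; pin it to a release you have reviewed (a `version: "<reviewed release>"` line under the name) so that local and Semaphore runs execute the same code. The two context entries, `community.general` and `ansible.posix`, are unpinned as well and could be pinned in the same change.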