This repository was archived by the owner on Dec 29, 2018. It is now read-only.
This repository was archived by the owner on Dec 29, 2018. It is now read-only.
Add warning about secrets.yml? #1
Description
Basically, people should feel comfortable enough committing a Vault-encrypted file—as long as the password they used to encrypt it is a secure password (e.g. lots of entropy).
If you use a password like testtesttest to encrypt an Ansible Vault-encrypted file, then someone could grab the public repo and easily brute force the password (since there's no other protection mechanism, and anyone can have Ansible Vault installed).
Anyways, I don't know if I want to do anything more here... but it would at least be good to add a stern warning about knowing what you're doing before you post anything secret to the wider world—even if it's encrypted!