Migrate Ansible op calls to op read URI syntax (#125)

## Summary
- Convert all 12 `op item get ... --fields ... --reveal` calls in Ansible to the newer `op read "op://vault/item/field"` syntax
- Remove the `regex_replace` workaround on the Fly deploy token (no longer needed since `op read` returns clean unquoted values)
- Covers `ansible/playbooks/indri.yml`, `ansible/roles/caddy/tasks/main.yml`, `ansible/roles/jellyfin_metrics/tasks/main.yml`, and `ansible/roles/alloy/tasks/main.yml`

## Test plan
- [x] `mise run provision-indri -- --check --diff` dry run passes (ok=67, failed=0)
- [x] No `op item get` calls remain in `ansible/` directory
- [x] All pre-commit hooks pass (yaml, ansible-lint, TruffleHog, etc.)
- [ ] Full provision run after merge to confirm secrets resolve correctly

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/125

This commit is contained in:

Erich Blume

2026-02-08 10:52:43 -08:00

parent 234c46c302

commit 7f41621c7f

5 changed files with 14 additions and 15 deletions

									
										1

docs/changelog.d/op-read-migration.infra.md
									
										Normal file
									
										View file
										
				@ -0,0 +1 @@

				Migrate all Ansible `op item get` calls to `op read` URI syntax for cleaner output and remove the `regex_replace` workaround on the Fly deploy token.

				`@ -0,0 +1 @@`
				Migrate all Ansible `op item get` calls to `op read` URI syntax for cleaner output and remove the `regex_replace` workaround on the Fly deploy token.

Rows
Columns

Migrate Ansible op calls to op read URI syntax (#125)

1 docs/changelog.d/op-read-migration.infra.md Normal file Unescape Escape View file

1

docs/changelog.d/op-read-migration.infra.md Normal file

View file