blumeops

History

Erich Blume b7ccca87f3 Secure password management via 1Password CLI in ansible - All passwords fetched from 1Password at runtime using `op` CLI - pg_hba.conf uses scram-sha-256 everywhere (no trust mode) - initdb uses --pwfile for secure superuser password bootstrap - All password-handling tasks use no_log: true - Add borgmatic user with pg_read_all_data for backup dumps - Remove pg-setup mise task (no longer needed) - Miniflux fetches password directly from 1Password Requires: `op signin` before running ansible Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-16 08:06:29 -08:00
..
main.yml	Secure password management via 1Password CLI in ansible	2026-01-16 08:06:29 -08:00

Erich Blume b7ccca87f3 Secure password management via 1Password CLI in ansible

- All passwords fetched from 1Password at runtime using `op` CLI
- pg_hba.conf uses scram-sha-256 everywhere (no trust mode)
- initdb uses --pwfile for secure superuser password bootstrap
- All password-handling tasks use no_log: true
- Add borgmatic user with pg_read_all_data for backup dumps
- Remove pg-setup mise task (no longer needed)
- Miniflux fetches password directly from 1Password

Requires: `op signin` before running ansible

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-16 08:06:29 -08:00

main.yml

Secure password management via 1Password CLI in ansible

2026-01-16 08:06:29 -08:00