don't use static oauth keys, generate them during deployment

evgeni · evgeni · commit 638d9728612b · 2026-03-25T09:49:08.000+01:00
diff --git a/src/vars/base.yaml b/src/vars/base.yaml
@@ -18,8 +18,6 @@ candlepin_client_certificate: "{{ client_certificate }}"
 foreman_ca_certificate: "{{ server_ca_certificate }}"
 foreman_client_key: "{{ client_key }}"
 foreman_client_certificate: "{{ client_certificate }}"
-foreman_oauth_consumer_key: abcdefghijklmnopqrstuvwxyz123456
-foreman_oauth_consumer_secret: abcdefghijklmnopqrstuvwxyz123456
 foreman_plugins: "{{ enabled_features | features_to_foreman_plugins }}"
 foreman_url: "https://{{ ansible_facts['fqdn'] }}"
 
diff --git a/src/vars/foreman.yml b/src/vars/foreman.yml
@@ -2,3 +2,8 @@
 foreman_admin_passwd_file: "{{ obsah_state_path }}/foreman-admin-init-passwd"
 foreman_initial_admin_username: admin
 foreman_initial_admin_password: "{{ lookup('ansible.builtin.password', foreman_admin_passwd_file, chars=['ascii_letters']) }}"
+
+foreman_oauth_consumer_key_file: "{{ obsah_state_path }}/foreman-oauth-consumer-key"
+foreman_oauth_consumer_key: "{{ lookup('ansible.builtin.password', foreman_oauth_consumer_key_file, chars=['ascii_letters', 'digits'], length=32) }}"
+foreman_oauth_consumer_secret_file: "{{ obsah_state_path }}/foreman-oauth-consumer-secret"
+foreman_oauth_consumer_secret: "{{ lookup('ansible.builtin.password', foreman_oauth_consumer_secret_file, chars=['ascii_letters', 'digits'], length=32) }}"
