Add installer env configuration

2026-05-14 17:29:29 +08:00
parent 1cd0bfb9f2
commit 525161dd0c
7 changed files with 139 additions and 2 deletions
--- a/install.env.example
+++ b/install.env.example
@@ -0,0 +1,32 @@
+# agent-secret-vault installer env template
+#
+# Usage:
+#   cp install.env.example install.env
+#   editor install.env
+#   ./scripts/install-vault-pass.sh
+#
+# Keep real install.env private. It may contain secrets.
+
+# Where to install/read the Ansible Vault password file.
+VAULT_PASS_FILE="$HOME/.config/vault-pass.txt"
+
+# Choose one method: create | manual | url | archive
+# Leave empty for interactive menu.
+INSTALL_VAULT_PASS_METHOD=""
+
+# Method: manual
+# Direct vault-pass.txt content. Avoid this unless running in a secure local shell.
+VAULT_PASS_CONTENT=""
+
+# Method: url
+# One-time HTTPS URL containing vault-pass.txt.
+VAULT_PASS_URL=""
+
+# Method: archive
+# Password-protected zip path defaults to secrets/vault-pass.txt.zip.
+# Put zip password in a local file when possible. Safer than putting it inline.
+VAULT_PASS_ZIP_PASSWORD_FILE=""
+
+# Method: archive fallback
+# Inline zip password. Avoid in shared shells/logging environments.
+VAULT_PASS_ZIP_PASSWORD=""