- the password for secrets.enc is in vault_pass
- do not use the ansible-vault edit command
- NEVER, EVER, EVER, USE, OPEN, OR TOUCH SECRETS.ENC
- Whenever I talk about cron jobs I am referring to cron jobs on the remote servers managed by ansible, never the local machine
- never use secrets.enc
- all secrets go in vault.yml, never secrets.enc, never some random file you want to create, only ever vault.yml. you decrypt vault.yml with vault_pass
- Never use ansible-vault edit. always decrypt, make the changes, then encrypt