Public GitHub repo with Ansible Vault encrypting sensitive info

I really want to keep as much of my code public as possible. I have been looking into Ansible Vault and its ability to encrypt sensitive information. Is it possible/advisable to make a public repo on GitHub this way?

I want to share what I know as I learn, but without compromising the security of my web apps.

What are you sharing but also need to encrypt? Generally you use environment variables for any keys or passwords you want kept secret.

Current structure: I git clone bedrock-ansible and bedrock into project


I want my WordPress site to be accessible publicly on GitHub. Is there any sensitive information that gets held outside of the bedrock-ansible directory? From what I understand everything links to files in there, e.g. to the group_vars files.

How I was working before:
No vagrant, just bedrock-site.
Deploy with cap production deploy or cap staging deploy.

I’ve now started using bedrock-ansible and find it great that I can simulate my server environment, especially when homebrew decides to upgrade packages that break the native OSX LAMP stack.

I am just a bit confused as to what to do with it all. Do I still deploy with cap staging deploy? Meaning that the bedrock-ansible folder is left out of the repo? Or do I use vagrant push? Ideally I’d love to push the entire thing so that I don’t have to worry about setting up a server each time I create a client project, as I host them myself.

There’s nothing sensitive in a Bedrock repo by default so you can easily make that public and not worry.

bedrock-ansible is a completely different matter. Obviously by default there’s a ton of sensitive data in plain text. Yes you could encrypt some files with Ansible Vault and then make that public as well. However, that’s quite weird in my opinion. Would be better to make a fork public.

To answer your other question, nothing really changes for deploying unless you want it to. You don’t want to “deploy” your bedrock-ansible repo so the structure is good. We happen to use the exact same one for the project.

bedrock-ansible has Ansible-based deploys coming soon so that will simplify things further. No need for another tool/language like Capistrano.
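Added example, not part of the thread and not bedrock-ansible's own code: a check to run before making a repo with Ansible variables public, which reports sensitive-looking keys in group_vars or host_vars that are neither in a Vault-encrypted file nor stored as an inline `!vault` value or a reference to another variable. The key-name pattern and the sample file contents are assumptions constructed for the demonstration, and the check is a name-based heuristic, so a secret under an unlisted key name is not reported.

```python
import re
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first bytes of a file encrypted by ansible-vault
# Key names treated as sensitive (assumption; extend for your own variables).
SENSITIVE = re.compile(
    r"^\s*-?\s*([\w.-]*(?:password|secret|salt|token|_key)[\w.-]*)\s*:\s*(.*)$", re.I)
SAFE_PREFIXES = ("!vault", "{{", '"{{', "'{{")  # inline vault value or variable reference

def audit_vars_file(path):
    """Return [(line_no, key)] for sensitive-looking values stored in plain text."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    if text.startswith(VAULT_HEADER):
        return []  # whole file is encrypted
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = SENSITIVE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if value and not value.startswith(SAFE_PREFIXES):
            findings.append((line_no, key))
    return findings

def audit_repo(root, patterns=("group_vars/**/*", "host_vars/**/*")):
    """Map relative path -> findings for every vars file under root."""
    root, report = Path(root), {}
    for pattern in patterns:
        for path in sorted(root.glob(pattern)):
            if path.is_file() and (hits := audit_vars_file(path)):
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Audit a constructed repository: one plaintext file, one fully encrypted."""
    with tempfile.TemporaryDirectory() as tmp:
        gv = Path(tmp, "group_vars")
        gv.mkdir()
        (gv / "production").write_text(
            "mysql_root_password: constructed-plaintext\n"
            "env:\n"
            '  db_password: "{{ vault_db_password }}"\n'
            "  auth_salt: !vault |\n"
            "    $ANSIBLE_VAULT;1.1;AES256\n"
            "    6162636465666768\n")
        (gv / "staging").write_text("$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n")
        return audit_repo(tmp)

if __name__ == "__main__":
    print(demo())
```

A clean report covers only the current working tree; a value committed in plain text earlier is still readable in the Git history once the repo is public.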

@swalkinshaw thank you for clearing things up for me, I appreciate your time! So I can keep working like I used to, and now I have a more reliable local version of my site. Awesome.