ansible-ipfs-cluster

Document which values are secrets and what to do about them.

Open olizilla opened this issue 5 years ago • 1 comments

It'd be worth documenting that the private keys in the host_vars are secrets and should not be pushed to a public repo. We could suggest ansible vault for encrypting them.

Same goes for ipfs_cluster_secret in group_vars/ipfs.yml which could be pulled into a separate file and encrypted with ansible vault too.

olizilla, Mar 18 '19 12:03

If that sounds reasonable I can PR an update here. I've got a branch that I'm using to try out cluster on a DO droplet, over here https://github.com/hsanjuan/ansible-ipfs-cluster/compare/master...tableflip:example-with-secrets with the changes needed to use ansible-vault...

  • move group_vars/ipfs.yml to group_vars/ipfs/ipfs.yml
  • extract the cluster secret key to group_vars/ipfs/secrets.yml
  • add --ask-vault-pass to make file, and create an all.yml playbook which does both roles, so we only have to enter the vault password once.

Also of note, I had to add

[all:vars]
ansible_python_interpreter=/usr/bin/python3

...to my inventory as Ubuntu 18.04.2 doesn't ship with python on the path, only python3. Adding that fixes the ansible error you get when it tries to run python on the remote node.

olizilla, Mar 18 '19 12:03
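A pre-push check for the concern raised in this issue, as an added example that is not part of the issue or of the project's code: it walks group_vars and host_vars and reports secret variables that are neither in an ansible-vault encrypted file nor an inline `!vault` value. Only `ipfs_cluster_secret` is named in the issue; the `*private_key` pattern, the `ipfs_cluster_private_key` and `ipfs_version` names, and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Variable names treated as secrets. ipfs_cluster_secret is named in the issue;
# the "*private_key" pattern for host_vars is an assumption.
SECRET_KEY = re.compile(r"^\s*(ipfs_cluster_secret|\w*private_key)\s*:\s*(.*)$")
VAULT_HEADER = "$ANSIBLE_VAULT;"  # first bytes of a file encrypted by ansible-vault


def find_plaintext_secrets(root):
    """Return sorted (relative path, line number, variable) for unencrypted secrets."""
    findings = []
    for top in ("group_vars", "host_vars"):
        for dirpath, _dirs, files in os.walk(os.path.join(root, top)):
            for name in files:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
                if text.startswith(VAULT_HEADER):
                    continue  # whole file is vault-encrypted
                for lineno, line in enumerate(text.splitlines(), 1):
                    m = SECRET_KEY.match(line)
                    # an inline "!vault |" value is encrypted per variable
                    if m and not m.group(2).startswith("!vault"):
                        rel = os.path.relpath(path, root).replace(os.sep, "/")
                        findings.append((rel, lineno, m.group(1)))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample repository layout with placeholder values."""
    root = tempfile.mkdtemp()
    samples = {
        "group_vars/ipfs/ipfs.yml": "ipfs_version: placeholder\n",
        "group_vars/ipfs/secrets.yml": "$ANSIBLE_VAULT;1.1;AES256\n3132333435\n",
        "group_vars/old.yml": "# constructed\nipfs_cluster_secret: PLACEHOLDER\n",
        "host_vars/node0.yml": "ipfs_cluster_private_key: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n",
        "host_vars/node1.yml": "ipfs_cluster_private_key: PLACEHOLDER\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, lineno, var in find_plaintext_secrets(build_sample_tree()):
        print(f"{rel}:{lineno}: {var} is not vault-encrypted")
```

Run against a real checkout by passing the repository root to `find_plaintext_secrets`; a non-empty result means a secret would be pushed in plaintext.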