---
- name: initialize vault
  become: true
  no_log: true
  ansible.builtin.command:
    cmd: >
      vault operator init
        -tls-skip-verify -non-interactive -format=yaml
        -key-shares={{ hc_vault_init_key_shares_count }}
        -key-threshold={{ hc_vault_init_key_threshold }}
    chdir: '{{ hc_vault_root_dir }}'
  environment:
    VAULT_ADDR: 'https://127.0.0.1:8200'
    DBUS_SESSION_BUS_ADDRESS: '/dev/null'
  register: init_data

- name: set init data filename
  no_log: true
  ansible.builtin.set_fact:
    hc_vault_init_data_filename: "{{ hc_vault_init_data_filepath | default('/tmp', True) }}/vault_{{ ansible_facts['fqdn'] }}_init.yml"

- name: save initialization data
  connection: local
  no_log: true
  block:
    - name: save content to temp file
      ansible.builtin.copy:
        content: '{{ init_data.stdout }}'
        dest: '{{ hc_vault_init_data_filename }}'
        mode: '0600'
        owner: "{{ ansible_facts['user_id'] }}"
        group: "{{ ansible_facts['user_id'] }}"

- name: print init data file location
  no_log: true
  ansible.builtin.debug:
    msg: 'Initialization data is stored in file "{{ hc_vault_init_data_filename }}". MAKE SURE TO SAVE IT SOMEWHERE SAFE!'
    verbosity: 0