Drone CI: Add secret management

.drone.yml

@@ -15,18 +15,37 @@ node:
   ansible: true
 
 steps:
+  - name: Prepare Secrets
+    image: registry.tobiasmanske.de/ansible-runner:latest
+    pull: always
+    environment:
+      VAULT_PASS:
+        from_secret: vault_pass
+      SSH_KEY:
+        from_secret: ssh_key
+    commands:
+      - echo $${VAULT_PASS} > /drone/src/vault_pass
+      - echo $${SSH_KEY} | base64 -d > /drone/src/ssh_key
+      - chmod 600 /drone/src/ssh_key
+      - chmod 600 /drone/src/vault_pass
   - name: Run Ansible
     image: registry.tobiasmanske.de/ansible-runner:latest
     pull: always
+    environment:
+      ANSIBLE_VAULT_PASSWORD_FILE: "/drone/src/vault_pass"
+      ANSIBLE_FORCE_COLOR: "true"
     commands:
       - cd coreos-config
-      - ansible-playbook --limit host.nc.chaoswg.org --private-key /ssh_key --inventory=inventory.yaml playbook.yaml
+      - ansible-playbook --limit host.nc.chaoswg.org --private-key ../ssh_key --inventory=inventory.yaml playbook.yaml
   - name: Validate Ansible
     image: registry.tobiasmanske.de/ansible-runner:latest
     pull: always
+    environment:
+      ANSIBLE_VAULT_PASSWORD_FILE: "/drone/src/vault_pass"
+      ANSIBLE_FORCE_COLOR: "true"
     commands:
       - cd coreos-config
-      - ansible-playbook --limit host.nc.chaoswg.org --check --private-key /ssh_key --inventory=inventory.yaml playbook.yaml
+      - ansible-playbook --limit host.nc.chaoswg.org --check --private-key ../ssh_key --inventory=inventory.yaml playbook.yaml
 
 image_pull_secrets:
   - registry