As explained in the Overview, we use different Ansible inventories depending on the infrastructure being targeted.
Apart from the roles and playbooks, which are common to all environments, each env will use its own:
- pkistore (shared, though, for dev, but different for the other ones)
Based on the requirements, and on which git forge solution it is hosted on, people will be granted RWC (Read / Write / Commit) rights on the specific (non-public, for obvious reasons) git repositories.
It is also worth knowing that, depending on the env requirements, some repositories will be fully encrypted (with git-crypt) and others will have a mix of readable and encrypted content (with ansible-vault), so that, even though the repositories are private, other team members can submit PRs/MRs against the inventory without having access to the stored (and encrypted) credentials.
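
As an added example (not part of the original page or of the project's own tooling), the check below can be run against an inventory PR/MR to confirm that readable files do not carry credentials in clear text. It assumes a checkout without the git-crypt key (so encrypted blobs still carry their header) and a hypothetical naming pattern for credential variables; the sample data is constructed.

```python
import re
from pathlib import Path
GITCRYPT_MAGIC = b"\x00GITCRYPT\x00"   # header of a blob encrypted by git-crypt
VAULT_MAGIC = b"$ANSIBLE_VAULT;"       # first bytes of a file encrypted by ansible-vault
# Assumption: variables whose name matches this pattern hold credentials.
SECRET_KEY = re.compile(
    rb"^[ \t]*([\w.-]*(?:password|passwd|secret|token|api_key)[\w.-]*)[ \t]*:[ \t]*(.*)$",
    re.I | re.M)

# Constructed sample: a host_vars file mixing readable and vault-encrypted values.
SAMPLE = b"""\
ntp_server: ntp.example.org
db_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62613338356461
api_token: hunter2
"""

def classify(data: bytes) -> str:
    """Tell how a file is protected from its first bytes."""
    if data.startswith(GITCRYPT_MAGIC):
        return "git-crypt"
    if data.startswith(VAULT_MAGIC):
        return "vault-file"
    return "plaintext"

def cleartext_secrets(data: bytes) -> list[str]:
    """Names of secret-looking variables stored readable in a plaintext file."""
    leaked = []
    for name, value in SECRET_KEY.findall(data):
        value = value.strip()
        # Inline !vault blocks and Jinja references to another variable are fine.
        if not value or value.startswith(b"!vault") or b"{{" in value:
            continue
        leaked.append(name.decode())
    return leaked

def audit(root: Path) -> dict[str, list[str]]:
    """Map each readable file under root to the secret variables it exposes."""
    report = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or ".git" in rel.parts:
            continue
        data = path.read_bytes()
        if classify(data) == "plaintext" and cleartext_secrets(data):
            report[rel.as_posix()] = cleartext_secrets(data)
    return report
```

An empty result from `audit()` means every credential-looking variable in the readable files is either an inline vault block or a reference to a variable defined elsewhere.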