Remove platform password encryption

roles/platform/tasks/create-properties-file.yml

@@ -4,46 +4,6 @@
 
 # TODO: Do we still need to support the primary/secondary concept?
 
-# Note: Platform's encrypt.js script does not take command line arguments.
-# Instead, it prompts the user for input, reads it from stdin, and prints the key on the last line.
-# This necessitates the use of the workaround below.
-- name: Encrypt default passwords
-  when: not (platform_configure_vault | bool)
-  tags: encrypt_default_passwords
-  no_log: true
-  block:
-    - name: Generate encrypted passwords
-      ansible.builtin.shell: >
-        set -o pipefail &&
-        (echo "{{ item.plaintext }}"; sleep 2; echo "{{ platform_encryption_key }}") |
-        node {{ platform_server_dir }}/utils/encrypt.js 2>&1 |
-        tail -n 1
-      args:
-        executable: /bin/bash
-      loop:
-        - name: platform_redis_password_encrypted
-          plaintext: "{{ platform_redis_password }}"
-        - name: platform_redis_sentinel_password_encrypted
-          plaintext: "{{ platform_redis_sentinel_password }}"
-        - name: platform_mongo_password_encrypted
-          plaintext: "{{ platform_mongo_password }}"
-        - name: platform_default_user_password_encrypted
-          plaintext: "{{ platform_default_user_password }}"
-      register: encrypt_results
-      changed_when: false
-      failed_when: >
-        encrypt_results.rc != 0 or
-        encrypt_results.stdout == "" or
-        not encrypt_results.stdout.startswith("$ENC") or
-        (encrypt_results.stdout.split(':') | last | length) != 32
-
-    - name: Set encrypted passwords
-      ansible.builtin.set_fact:
-        "{{ item.item.name }}": "{{ item.stdout }}"
-      loop: "{{ encrypt_results.results }}"
-      loop_control:
-        label: "{{ item.item.name }}"
-
 - name: Create the platform.properties file
   ansible.builtin.template:
     src: "{{ item }}"

roles/platform/tasks/encrypt-passwords.yml

@@ -0,0 +1,47 @@
+# Copyright (c) 2024, Itential, Inc
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+---
+# Note: Platform's encrypt.js script does not take command line arguments.
+# Instead, it prompts the user for input, reads it from stdin, and prints the key on the last line.
+# This necessitates the use of the workaround below.
+- name: Encrypt default passwords
+  when: not (platform_configure_vault | bool)
+  tags: encrypt_default_passwords
+  no_log: true
+  notify: Enable and Start Platform
+  block:
+    - name: Generate encrypted passwords
+      ansible.builtin.shell: >
+        set -o pipefail &&
+        (echo "{{ item.plaintext }}"; sleep 2; echo "{{ platform_encryption_key }}") |
+        node {{ platform_server_dir }}/utils/encrypt.js 2>&1 |
+        tail -n 1
+      args:
+        executable: /bin/bash
+      loop:
+        - name: platform_redis_password_encrypted
+          plaintext: "{{ platform_redis_password }}"
+        - name: platform_redis_sentinel_password_encrypted
+          plaintext: "{{ platform_redis_sentinel_password }}"
+        - name: platform_mongo_password_encrypted
+          plaintext: "{{ platform_mongo_password }}"
+        - name: platform_default_user_password_encrypted
+          plaintext: "{{ platform_default_user_password }}"
+      register: platform_encrypt_results
+      changed_when: false
+      failed_when: >
+        platform_encrypt_results.rc != 0 or
+        platform_encrypt_results.stdout == "" or
+        not platform_encrypt_results.stdout.startswith("$ENC") or
+        (platform_encrypt_results.stdout.split(':') | last | length) != 32
+
+    - name: Set encrypted passwords
+      ansible.builtin.set_fact:
+        "{{ item.item.name }}": "{{ item.stdout }}"
+      loop: "{{ platform_encrypt_results.results }}"
+      loop_control:
+        label: "{{ item.item.name }}"
+
+    - name: Create properties.json file
+      ansible.builtin.include_tasks:
+        file: create-properties-file.yml