From 4275a0bc23b6ae093ddd4c961a3b4b8dcc0639cf Mon Sep 17 00:00:00 2001
From: Ethan Paul <e@enp.one>
Date: Wed, 10 Nov 2021 23:54:25 -0500
Subject: [PATCH] Add optional support for passing datastore encryption key
 from caller

---
 roles/datastore/tasks/mounts.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/datastore/tasks/mounts.yaml b/roles/datastore/tasks/mounts.yaml
index 3986db0..1731d82 100644
--- a/roles/datastore/tasks/mounts.yaml
+++ b/roles/datastore/tasks/mounts.yaml
@@ -60,6 +60,7 @@
   block:
     - name: Prompt for decryption key
       no_log: true
+      when: skylab_datastore_encryption_password is not defined
       ansible.builtin.pause:
         prompt: >-
           Datastore device {{ inventory_hostname }}:/dev/{{ skylab_datastore_device }} is not
@@ -73,7 +74,7 @@
         device: /dev/{{ skylab_datastore_device }}
         state: opened
         name: brick
-        passphrase: "{{ _luks_decryption_key.user_input }}"
+        passphrase: "{{ _luks_decryption_key.user_input | default(skylab_datastore_encryption_password) }}"
 
     - name: Fetch updated block device information
       ansible.builtin.command: