From 6c6e7dcb7b7ba702bd56c59c8004701839d9b5ea Mon Sep 17 00:00:00 2001
From: hygienic-books <hygienic-books@tentic.net>
Date: Mon, 25 Jul 2022 00:58:53 +0200
Subject: [PATCH] docs(role): Give example how to define defaults to make this
 role easier to use

---
 README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/README.md b/README.md
index 533baec..76a7aaa 100644
--- a/README.md
+++ b/README.md
@@ -79,6 +79,20 @@ In a real-world use case you'll likely first query HashiCorp Vault for key-value
 
 The `vault_kv2_get` lookup plug-in (see [vault_kv2_get lookup documentation](https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/vault_kv2_get_lookup.html)) iterates over variables you want loaded from Vault. For each iteration it stores the iteration's output in `loop_var: 'server'`. From that output we only really care about the `server.secret` dictionary. We append that to a `vault_data` dictionary which is first initialized as an empty dictionary and then expanded per iteration. When done `vault_data` contains key-values pair for all Vault variables.
 
+## Defining defaults
+
+Whereever you import this role you're most likely going to want to define the following variables in your role's `defaults/main.yml` file or at a similar location. Here `<role>` is a string you'll replace with the name of the role that imports `role_include_vault-check`.
+
+```
+<role>_vault_vars: ['password', 'password_salt']
+<role>_vault_base: '{{ fqdn_reverse }}/os/{{ reset_password_for_account }}'
+<role>_vault_paths: '{{ [<role>_vault_base + ''/''] | product(<role>_vault_vars) | map(''join'') | list }}'
+```
+
+Check out [Git repo quico.space/quico-ansible/role_common_local-os-password](https://quico.space/quico-ansible/role_common_local-os-password) for a reference of how to define `defaults/main.yml` and then to import this role.
+
+## Vault check
+
 The next step can be this `role_include_vault-check` to hard-fail in case a key turned out to have an empty value.
 
 ```