added secret encrpytion script and check, incl pre-commit hook

Makefile

@@ -1,13 +1,14 @@
 .PHONY: all deploy check clean create debug editvars test
 
 
-VARS = group_vars/all/vars.yaml
-VALL = group_vars/all/all.yaml
-TOKEN = $(shell ansible-vault decrypt --output - $(VARS) | grep hetzner_cloud_token | cut -d' ' -f2)
+VARS		= group_vars/all/vars.yaml
+VALL		= group_vars/all/all.yaml
+SECRET		= ~/.config/ansible/hcloud.secret
+KEYDIR		= roles/pubnix/files/keys
+TOKEN		= $(shell ansible-vault decrypt --output - $(VARS) | grep hetzner_cloud_token | cut -d' ' -f2)
+SNAPNAME	= $(shell cat $(VALL) | yq .snapshot)
 
-SNAPNAME = $(shell cat $(VALL) | yq .snapshot)
-
-SNAPSHOT = $(shell hcloud image  list -t snapshot -o yaml | \
+SNAPSHOT    = $(shell hcloud image  list -t snapshot -o yaml | \
 			       yq '. | map(select(.description == "$(SNAPNAME)")) | .[].id')
 
 OPTIONS = -i inventory -t active
@@ -20,9 +21,6 @@ SHOW_COMMAND = ansible-inventory -i inventory/hosts.hcloud.yaml --list
 
 ENV = HCLOUD_TOKEN="$(TOKEN)" SNAPSHOT="$(SNAPSHOT)" ANSIBLE_VERBOSITY=$(verbose)
 
-x:
-	@echo $(TOKEN)
-
 all: create deploy
 
 debug:
@@ -42,6 +40,10 @@ clean:
 
 check:
 	$(ENV) ansible-playbook deploy.yaml  --syntax-check
+	bin/encryptkeys $(KEYDIR) $(SECRET) check
+
+encryptkeys:
+	bin/encryptkeys $(KEYDIR) $(SECRET) encrypt
 
 editvars:
 	ansible-vault decrypt $(VARS)