---
- name: Create secrets
  ansible.builtin.import_role:
    name: container
    tasks_from: secrets.yaml
    rolespec_validate: false # FIXME make proper validation possible
  vars:
    container_name: "{{ service_name }}"
    container_secrets: "{{ _service_container_secrets }}"

- name: Gather secrets information
  containers.podman.podman_secret_info:
    showsecret: true
  register: _service_podman_secret_info
  no_log: true

- name: Store secrets in a variable for later
  ansible.builtin.set_fact:
    service_podman_secrets: >
      {{ _service_podman_secret_info.secrets
        | map(attribute='Spec.Name')
        | zip(_service_podman_secret_info.secrets | map(attribute='SecretData'))
        | community.general.dict
      }}
  no_log: true