The gnupg python library uses the $GNUPG_HOME environment variable
to detect where the GnuPG home is. Setting a default of `~/.gnupg`
which overrides the library behaviour breaks this.
Setting the fact inside the module itself lead to secrets being cached
in plain text on the ansible controller. Apparently, there is no way to
non-persistently cache facts without using the builtin set_fact action.
See https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/strategy/__init__.py#L708
Added a warning about using the feature and reverted to the set_fact
action plugin.
If changes are happening inside the module, the changes are
automatically committed to the repo
Co-authored-by(gpg_secretstore): Jan Christian Grünhage <jan.christian@gruenhage.xyz>
Instead of manually setting the reencrypt parameter, we're automatically
reencrypting secrets now if the list of recipients does not match. This
way, we can make sure that recipients are kept up to date here. We're
also logging differences in recipients, as well as adding more useful
messages to the return value in general.
In addition to that, the module has seen quite some refactoring, making
it a lot more maintainable.