Add secret variables

Module should now replace ${...} variables during rendering. Pillar
references need to be quoted.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

pillar/role/salt/master.sls

@@ -1,4 +1,6 @@
 salt:
+  gpg_keydir: ${'secret_salt:master:gpg_keydir'}
+  interface: ${'secret_salt:master:interface'}
   master_remove_config: True
   master:
     cache: redis
@@ -17,8 +19,12 @@ salt:
       - https://git.com.de/LibertaCasa/salt.git:
         - root: salt
         - base: production
+        - user: ${'secret_salt:master:gitfs_remotes:LibertaCasa:user'}
+        - password: ${'secret_salt:master:gitfs_remotes:LibertaCasa:password'}
     ext_pillar:
       - netbox:
+          api_url: ${'secret_salt:master:ext_pillar:netbox:api_url'}
+          api_token: ${'secret_salt:master:ext_pillar:netbox:api_token'}
           virtual_machines: True
           interfaces: True
           interface_ips: True
@@ -27,6 +33,12 @@ salt:
       - git:
         - production https://git.com.de/LibertaCasa/salt.git:
           - root: pillar
+          - user: ${'secret_salt:master:ext_pillar:git:LibertaCasa:user'}
+          - password: ${'secret_salt:master:ext_pillar:git:LibertaCasa:password'}
+        - production https://git.com.de/Lysergic/salt.git:
+          - root: ${'secret_salt:master:ext_pillar:git:Lysergic:root'}
+          - user: ${'secret_salt:master:ext_pillar:git:Lysergic:user'}
+          - password: ${'secret_salt:master:ext_pillar:git:Lysergic:password'}
     ext_pillar_first: True
     pillar_merge_lists: True
     log_level: info
@@ -34,3 +46,7 @@ salt:
     timeout: 20
     gather_job_timeout: 20
     keep_jobs: 30
+    user: ${'secret_salt:master:user'}
+    syndic_user: ${'secret_salt:master:syndic_user'}
+    cache.redis.unix_socket_path: ${'secret_salt:master:cache.redis.unix_socket_path'}
+    cache.redis.password: ${'secret_salt:master:cache.redis.password'}