diff --git a/content/slides/cri/ansible.html b/content/slides/cri/ansible.html
new file mode 100644
index 0000000000000000000000000000000000000000..81035b800d1739ae139442172dfaa545d4e8cad1
--- /dev/null
+++ b/content/slides/cri/ansible.html
@@ -0,0 +1,59 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+ <title>ansible</title>
+
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
+
+ <!-- Theme used for syntax highlighting of code -->
+ <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+ <link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
+ <link rel="stylesheet" href="../main.css">
+
+ <!-- Printing and PDF exports -->
+ <script>
+ var link = document.createElement( 'link' );
+ link.rel = 'stylesheet';
+ link.type = 'text/css';
+ link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+ document.getElementsByTagName( 'head' )[0].appendChild( link );
+ </script>
+ </head>
+ <body>
+ <div class="reveal">
+ <div class="slides">
+ <section data-markdown="md/ansible.md"
+ data-separator="^\n\n\n"
+ data-separator-vertical="^\n\n"
+ data-separator-notes="^Note:"
+ data-charset="utf-8">
+ </section>
+ </div>
+ </div>
+
+ <script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
+ <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+ <script>
+ // More info about config & dependencies:
+ // - https://github.com/hakimel/reveal.js#configuration
+ // - https://github.com/hakimel/reveal.js#dependencies
+ Reveal.initialize({
+ controls: true,
+ progress: true,
+ history: true,
+ center: false,
+ dependencies: [
+ { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+ { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
+ { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+ { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+ ]
+ });
+ </script>
+ </body>
+</html>
diff --git a/content/slides/cri/aws.html b/content/slides/cri/aws.html
new file mode 100644
index 0000000000000000000000000000000000000000..ca0127532a8f96868057425aff08ba0ccb82b89c
--- /dev/null
+++ b/content/slides/cri/aws.html
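Review bot: The viewport meta in the new `ansible.html` sets `maximum-scale=1.0, user-scalable=no`, which disables pinch-zoom, and `<html>` has no `lang` although the slide content is French. I would use `<meta name="viewport" content="width=device-width, initial-scale=1">` and `<html lang="fr">`. The two inline `<script>` blocks (print stylesheet selection and `Reveal.initialize`) mean any Content-Security-Policy for the site would need `'unsafe-inline'` or per-block hashes, so moving them into one shared script file would allow a strict policy. It would also remove the duplication, since `aws.html`, `terraform.html` and `vault.html` in this commit are the same 59 lines with only `<title>` and `data-markdown` changed, and the same points apply to them.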
@@ -0,0 +1,59 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+ <title>aws</title>
+
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
+
+ <!-- Theme used for syntax highlighting of code -->
+ <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+ <link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
+ <link rel="stylesheet" href="../main.css">
+
+ <!-- Printing and PDF exports -->
+ <script>
+ var link = document.createElement( 'link' );
+ link.rel = 'stylesheet';
+ link.type = 'text/css';
+ link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+ document.getElementsByTagName( 'head' )[0].appendChild( link );
+ </script>
+ </head>
+ <body>
+ <div class="reveal">
+ <div class="slides">
+ <section data-markdown="md/aws.md"
+ data-separator="^\n\n\n"
+ data-separator-vertical="^\n\n"
+ data-separator-notes="^Note:"
+ data-charset="utf-8">
+ </section>
+ </div>
+ </div>
+
+ <script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
+ <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+ <script>
+ // More info about config & dependencies:
+ // - https://github.com/hakimel/reveal.js#configuration
+ // - https://github.com/hakimel/reveal.js#dependencies
+ Reveal.initialize({
+ controls: true,
+ progress: true,
+ history: true,
+ center: false,
+ dependencies: [
+ { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+ { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
+ { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+ { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+ ]
+ });
+ </script>
+ </body>
+</html>
diff --git a/content/slides/cri/images/ansible.png b/content/slides/cri/images/ansible.png
new file mode 100644
index 0000000000000000000000000000000000000000..7eaf8576436fab41350860435650d195a908293a
Binary files /dev/null and b/content/slides/cri/images/ansible.png differ
diff --git a/content/slides/cri/images/aws.png b/content/slides/cri/images/aws.png
new file mode 100644
index 0000000000000000000000000000000000000000..75a597cec11d80e741a87f4e068c7491837fdfab
Binary files /dev/null and b/content/slides/cri/images/aws.png differ
diff --git a/content/slides/cri/images/terraform.png b/content/slides/cri/images/terraform.png
new file mode 100644
index 0000000000000000000000000000000000000000..9fe7c5b869d7940a78f405e30e38d980e6ae69cc
Binary files /dev/null and b/content/slides/cri/images/terraform.png differ
diff --git a/content/slides/cri/images/vault.png b/content/slides/cri/images/vault.png
new file mode 100644
index 0000000000000000000000000000000000000000..007f594268113918babeae75c23e2cf51d0fe660
Binary files /dev/null and b/content/slides/cri/images/vault.png differ
diff --git a/content/slides/cri/md/ansible.md b/content/slides/cri/md/ansible.md
new file mode 100644
index 0000000000000000000000000000000000000000..41c051cea0027bc7ccf3a86e5228f0fe487dc43c
--- /dev/null
+++ b/content/slides/cri/md/ansible.md
@@ -0,0 +1,41 @@
+# ansible
+
+<!-- .element width="30%" -->
+
+
+* task
+ * register
+ * debug
+ * loop
+ * set_fact
+ * pre_task
+* roles
+
+* playbook
+ * ligne de commande
+ * --check --diff
+ * verbosité
+ * tags
+* variable (see debug task)
+ * hierarchie
+ * from env ou Vault
+ * acces dynamique
+ * ansible-vault : utiliser vault
+* plugin
+ * callback
+ * filter
+ * lookup
+* modules ansible utile
+ * pexpect
+* remote roles
+
+
+### Récupérer les roles nécessaires
+
+* mettre à jour `requirements.yml` avec les rôles nécessaires
+
+* récupérer les rôles
+
+```
+ansible-galaxy install -f -r requirements.yml -p ansible/roles/public
+```
diff --git a/content/slides/cri/md/aws.md b/content/slides/cri/md/aws.md
new file mode 100644
index 0000000000000000000000000000000000000000..58bb94000fccec6f3e496772c10462b8b6468e10
--- /dev/null
+++ b/content/slides/cri/md/aws.md
@@ -0,0 +1,5 @@
+# aws
+
+<!-- .element width="30%" -->
+
+aka **AW**esome **S**tack
diff --git a/content/slides/cri/md/terraform.md b/content/slides/cri/md/terraform.md
new file mode 100644
index 0000000000000000000000000000000000000000..c36396af1717a31c14f8994e5afc66dfd0dcc624
--- /dev/null
+++ b/content/slides/cri/md/terraform.md
@@ -0,0 +1,3 @@
+# terraform
+
+<!-- .element width="30%" -->
diff --git a/content/slides/cri/md/vault.md b/content/slides/cri/md/vault.md
new file mode 100644
index 0000000000000000000000000000000000000000..04bb22af5911afc8858084880e479e5f5bb414c4
--- /dev/null
+++ b/content/slides/cri/md/vault.md
@@ -0,0 +1,65 @@
+# vault
+**By HashiCorp**
+
+<!-- .element width="30%" -->
+
+[https://vault.isima.fr](https://vault.isima.fr)
+
+
+# Secrets
+
+Il existe deux étages deux secrets dans la stack
+
+* les **secrets locaux**: sont gérés par la commande `ansible-vault` et peuvent être lus simplement avec la commande `avq` de la stack (accessible une fois l'environnement activé). Les **secrets locaux** sont chiffrés en local, mais le fait qu'ils ne soient pas versionnés rend ce chiffrement non indispensable.
+
+* les **secrets globaux**: sont gérés par la commande `vault` de HashiCorp et peuvent être lus simplement avec la commande `hvq` de la stack (accessible une fois l'environnement activé). les secrets sont disponibles selon les permissions du jeton utilisés. les **secrets globaux** sont utilisés pour construire les **secrets locaux**
+
+## Générer un secret
+
+Un secret robuste en ligne de commande se génère avec la commande `openssl` comme suit
+
+```
+$ openssl rand -base64 256
+```
+
+écrire le secret dans un fichier
+
+```
+$ openssl rand -base64 256 > ~/.ansible_secrets/stack
+```
+
+Stocker le secret directement dans hashicorp vault
+
+```
+$ openssl rand -base64 256 @TODO
+```
+
+## Vault
+
+```
+vault login -method=ldap username=vimazeno # vault login token=<token>
+vault kv put cri/clusters/ovh/duncan/proxmoxapi password=itsasecret
+vault read cri/clusters/ovh/duncan/proxmoxapi
+vault read cri/clusters/ovh/duncan/proxmoxapi -format=json
+vault read cri/clusters/ovh/duncan/proxmoxapi -format=json | jq .data
+vault read cri/clusters/ovh/duncan/proxmoxapi -format=json | jq .data.password
+vault delete cri/clusters/ovh/duncan/proxmoxapi
+```
+
+l'authentification ldap créée un fichier dans ~/.vault-token contenant votre token utilisateur avec vos permissions associées
+
+```
+vault kv patch cri/clusters/ovh/duncan/proxmoxapi password="$(openssl rand -base64 25)"
+```
+
+**N.B.** patch met à jour l'entrée avec KV2 et écrase les autres avec KV1 (on a activé KV2)
+
+## Stocker un secret
+
+Ce secret devrait être stocké dans https://vault.isima.fr
+
+Avec la commande `vault` [@TODO vault install] dans le path adéquat.
+
+Interroger la structure du vault avec la command `vault-tree` avant de choisir le path du secret semble une bonne idée [vault-tree]().
+
+Ces consignes sont valables pour tous le secrets de ce tutoriel
diff --git a/content/slides/cri/terraform.html b/content/slides/cri/terraform.html
new file mode 100644
index 0000000000000000000000000000000000000000..f57a5f49197e2d71a94c55fb8958e8a852a10585
--- /dev/null
+++ b/content/slides/cri/terraform.html
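Review bot: The `vault kv put … password=itsasecret` example in `md/vault.md` puts the secret value on the command line, where it lands in shell history and is visible in the process list; the slide should show the stdin or file form instead, e.g. `vault kv put cri/clusters/ovh/duncan/proxmoxapi password=-` or `password=@fichier`. The `openssl rand -base64 256 > ~/.ansible_secrets/stack` step creates the file under the default umask, so I would add `chmod 600 ~/.ansible_secrets/stack` (or `umask 077` beforehand); the same care applies to `~/.vault-token`, which the slide says holds the user token. Since the N.B. states that KV2 is enabled, the `vault read` / `vault delete` lines probably need to become `vault kv get` / `vault kv delete`, because a raw `read` on a KV2 mount expects the `data/` path segment and nests the value under `.data.data`; this should be confirmed against the actual mount. The sentence saying local secrets hardly need encryption because they are not versioned is also worth softening, since unversioned files still end up in backups and on lost laptops.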
@@ -0,0 +1,59 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+ <title>terraform</title>
+
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
+
+ <!-- Theme used for syntax highlighting of code -->
+ <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+ <link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
+ <link rel="stylesheet" href="../main.css">
+
+ <!-- Printing and PDF exports -->
+ <script>
+ var link = document.createElement( 'link' );
+ link.rel = 'stylesheet';
+ link.type = 'text/css';
+ link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+ document.getElementsByTagName( 'head' )[0].appendChild( link );
+ </script>
+ </head>
+ <body>
+ <div class="reveal">
+ <div class="slides">
+ <section data-markdown="md/terraform.md"
+ data-separator="^\n\n\n"
+ data-separator-vertical="^\n\n"
+ data-separator-notes="^Note:"
+ data-charset="utf-8">
+ </section>
+ </div>
+ </div>
+
+ <script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
+ <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+ <script>
+ // More info about config & dependencies:
+ // - https://github.com/hakimel/reveal.js#configuration
+ // - https://github.com/hakimel/reveal.js#dependencies
+ Reveal.initialize({
+ controls: true,
+ progress: true,
+ history: true,
+ center: false,
+ dependencies: [
+ { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+ { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
+ { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+ { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+ ]
+ });
+ </script>
+ </body>
+</html>
diff --git a/content/slides/cri/vault.html b/content/slides/cri/vault.html
new file mode 100644
index 0000000000000000000000000000000000000000..15fa86ec86e349a6b2116afa94b24b507a2c9221
--- /dev/null
+++ b/content/slides/cri/vault.html
@@ -0,0 +1,59 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+ <title>vault</title>
+
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+ <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
+
+ <!-- Theme used for syntax highlighting of code -->
+ <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+ <link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
+ <link rel="stylesheet" href="../main.css">
+
+ <!-- Printing and PDF exports -->
+ <script>
+ var link = document.createElement( 'link' );
+ link.rel = 'stylesheet';
+ link.type = 'text/css';
+ link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+ document.getElementsByTagName( 'head' )[0].appendChild( link );
+ </script>
+ </head>
+ <body>
+ <div class="reveal">
+ <div class="slides">
+ <section data-markdown="md/vault.md"
+ data-separator="^\n\n\n"
+ data-separator-vertical="^\n\n"
+ data-separator-notes="^Note:"
+ data-charset="utf-8">
+ </section>
+ </div>
+ </div>
+
+ <script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
+ <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+ <script>
+ // More info about config & dependencies:
+ // - https://github.com/hakimel/reveal.js#configuration
+ // - https://github.com/hakimel/reveal.js#dependencies
+ Reveal.initialize({
+ controls: true,
+ progress: true,
+ history: true,
+ center: false,
+ dependencies: [
+ { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+ { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
+ { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+ { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+ ]
+ });
+ </script>
+ </body>
+</html>
diff --git a/content/slides/index.html b/content/slides/index.html
index cc57c29b06c9dc44a45e8c3aa1c02a600ce26ac3..058d0bd4e2d78481a89e628bf614b038ff06f524 100644
--- a/content/slides/index.html
+++ b/content/slides/index.html
@@ -67,6 +67,10 @@ <h3>cri</h3> <li><a href="cri/criprod.html">criprod</a></li> +<li><a href="cri/vault.html">vault</a></li> +<li><a href="cri/ansible.html">ansible</a></li> +<li><a href="cri/terraform.html">terraform</a></li> +<li><a href="cri/aws.html">aws</a></li> <h3>privacy</h3>