Update Gandi API token

For certbot renewals. Also set resource to sensitive in ejabberd recipe.

Co-authored-by: Greg Karékinian <greg@karekinian.com>

data_bags/credentials/gandi_api.json

@@ -1,23 +1,23 @@
 {
   "id": "gandi_api",
   "key": {
-    "encrypted_data": "Ky1/PdywtEIl5vVXhzu3n2JetqOxnNjpjQ7yCao6qwIAn8oYxnv1c1hFAQ==\n",
+    "encrypted_data": "lU7/xYTmP5Sb6SsK5TNNIyegWozzBtUzpg7oDdl6gcz9FEMmG2ft0Ljh5Q==\n",
-    "iv": "stAc2FxDvUqrh0kt\n",
+    "iv": "EZPQD3C+wsP/mBhF\n",
-    "auth_tag": "rcK4Qt+f2O4Zo5IMmG0fkw==\n",
+    "auth_tag": "vF9E8Pj4Z8quJJdOMg/QTw==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "access_token": {
-    "encrypted_data": "J7zoLhEbPfPjnVWBmFmDdPKRer5GGw2o6Ad0uinznANugfaDiqjyYinOdEDF\nHlAqLmXv4J40rr3F+o4=\n",
+    "encrypted_data": "1Uw69JkNrmb8LU/qssuod1SlqxxrWR7TJQZeeivRrNzrMIVTEW/1uwJIYL6b\nM4GeeYl9lIRlMMmLBkc=\n",
-    "iv": "fAxFqVh9QqrfBsPW\n",
+    "iv": "cc1GJKu6Cf4DkIgX\n",
-    "auth_tag": "9ugi4frDLv8f7X0X1+k4DA==\n",
+    "auth_tag": "ERem4S7ozG695kjvWIMghw==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "domains": {
-    "encrypted_data": "X0KOKlJp5GYbKcq/jzmlaMmTXV1U7exWSqi3UxX9Sw==\n",
+    "encrypted_data": "scZ5blsSjs54DlitR7KZ3enLbyceOR5q0wjHw1golQ==\n",
-    "iv": "9JucnYLlYdQ9N6pd\n",
+    "iv": "oDcHm7shAzW97b4t\n",
-    "auth_tag": "sERYPDnVUJwVfSS8/xrPpQ==\n",
+    "auth_tag": "62Zais9yf68SwmZRsmZ3hw==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   }

site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb

@@ -38,6 +38,7 @@ gandi_api_credentials = data_bag_item('credentials', 'gandi_api')
 template "/root/gandi_dns_certbot_hook.sh" do
   variables access_token: gandi_api_credentials["access_token"]
   mode 0700
+  sensitive true
 end
 
 # Generate a Let's Encrypt cert (only if no cert has been generated before).