Fix display secrets info playbook

Author: Martin Jackson

README.md

@@ -63,8 +63,10 @@ already completed (duplicate inject is skipped).
   bootstrap-tagged v2 entries. Does **not** read `secretLoader.disabled` or load into Vault / primary backend.
 
 - **`playbooks/display_secrets_info.yml`**  
-  Loads and displays parsed secrets (using the backend from `values-global`). For v2 files with bootstrap-tagged entries,
-  uses a merged bootstrap + primary parse for display.
+  Loads and displays parsed secrets (using the backend from `values-global`). For v2 files with any bootstrap-tagged
+  entries, output is split into **`early_bootstrap_inject`** (none backend, early K8s view; includes `bootstrap: true`
+  and `bootstrap: only`) and **`primary_backend`** (configured backend; includes normal secrets and **`bootstrap: true`**
+  again so dual-mode entries appear in both groups). Otherwise a single parse is shown as before.
 
 Typical usage passes the pattern checkout as `pattern_dir` (for example `-e pattern_dir=/path/to/pattern`). If you omit
 it, the same resolution as `pattern_settings` applies: `PATTERN_DIR`, then `PWD`, then the `pwd` command.

playbooks/display_secrets_info.yml

@@ -43,35 +43,41 @@
             )
           }}
 
-    - name: Parse secrets data (v2 with inline bootstrap — merged view)
+    - name: Parse secrets data (v2 with bootstrap — two display groups)
       when: _vp_has_inline_bootstrap_secrets | bool
       block:
-        - name: Parse bootstrap-only portion for display
+        - name: Parse early-bootstrap inject portion for display (none backend)
           no_log: '{{ hide_sensitive_output }}'
           parse_secrets_info:
             values_secrets_plaintext: "{{ values_secrets_data }}"
             secrets_backing_store: none
             secrets_parse_filter: bootstrap_only
           register: _display_bootstrap_parse
 
-        - name: Parse primary portion for display
+        - name: Parse primary-backend portion for display (configured backend)
           no_log: '{{ hide_sensitive_output }}'
           parse_secrets_info:
             values_secrets_plaintext: "{{ values_secrets_data }}"
             secrets_backing_store: "{{ secrets_backing_store }}"
             secrets_parse_filter: exclude_bootstrap
           register: _display_primary_parse
 
-        - name: Merge parsed structures for display
+        - name: Build two-group secrets display (dual bootstrap entries appear in both)
           ansible.builtin.set_fact:
             secrets_results:
-              failed: false
-              changed: false
-              parsed_secrets: "{{ _display_bootstrap_parse.parsed_secrets | combine(_display_primary_parse.parsed_secrets) }}"
-              kubernetes_secret_objects: "{{ _display_bootstrap_parse.kubernetes_secret_objects + _display_primary_parse.kubernetes_secret_objects }}"
-              vault_policies: "{{ _display_bootstrap_parse.vault_policies | combine(_display_primary_parse.vault_policies) }}"
-              secret_store_namespace: "{{ _display_primary_parse.secret_store_namespace }}"
-              unique_vault_prefixes: "{{ ((_display_bootstrap_parse.unique_vault_prefixes | default([])) + (_display_primary_parse.unique_vault_prefixes | default([]))) | unique | sort }}"
+              early_bootstrap_inject:
+                parsed_secrets: "{{ _display_bootstrap_parse.parsed_secrets }}"
+                kubernetes_secret_objects: "{{ _display_bootstrap_parse.kubernetes_secret_objects }}"
+                vault_policies: "{{ _display_bootstrap_parse.vault_policies | default({}) }}"
+                unique_vault_prefixes: "{{ _display_bootstrap_parse.unique_vault_prefixes | default([]) }}"
+                backing_store: none
+              primary_backend:
+                parsed_secrets: "{{ _display_primary_parse.parsed_secrets }}"
+                kubernetes_secret_objects: "{{ _display_primary_parse.kubernetes_secret_objects }}"
+                vault_policies: "{{ _display_primary_parse.vault_policies | default({}) }}"
+                secret_store_namespace: "{{ _display_primary_parse.secret_store_namespace }}"
+                unique_vault_prefixes: "{{ _display_primary_parse.unique_vault_prefixes | default([]) }}"
+                secrets_backing_store: "{{ secrets_backing_store }}"
 
     - name: Parse secrets data (single phase)
       when: not (_vp_has_inline_bootstrap_secrets | bool)