Ansible Vault

Encrypt single string

> ansible-vault encrypt_string 'Xiquei8iek4hahgeedoo0ohfooj2ocheeFe3de8niomuo' --name 'secret_key'

secret_key: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          39346530333932626233643963653230346533656162316430396461343530303635353161393765
          ...
          ...
          62343732356532366639663663376266316632613362666661353339383032653761393338316237
          626337313062636436613439663365313633
Encryption successful

=> Add string to host_vars of myhost

Decrypt single string

ansible myhost -m debug -a var="secret_key"

...
ok: [myhost] =>
  secret_key: Xiquei8iek4hahgeedoo0ohfooj2ocheeFe3de8niomuo
...

References

1. Encrypting content with Ansible Vault(docs.ansible.com):