ansible-vault create secret_routeros
put inside your sensitive data, for example
ansible_password: password ansible_become_password: password
then recall the playbook with the following command:
ansible-playbook routeros.yml --ask-vault-pass
otherwise you can consider to use the var encrypted inside the normal group_vars like this:
my_encrypted_var: !vault |
$ANSIBLE_VAULT;1.1;AES256
64636132383835663964626132393530663764656634663230353038333866623634343635646465
3434333931643762313635656339396564306435326234610a633735663430663965323038313433
63373765316230656265636164626164383036613838363738316263343531656437303530313732
3835646366313730310a343363326239393364636230666561346461353137306334656663386638
38633462613530636536353064376236663066356536313163303265336133396134313736613730
37666635613961636431653134653439393263613830306132333266323537373937363766626530
386261363230343865333662336461386533
where you can encrypt your data as follow:
root@u-studio:/etc/ansible/playbooks# ansible-vault encrypt_string
New Vault password:
Confirm New Vault password:
Reading plaintext input from stdin. (ctrl-d to end input, twice if your content does not already have a newline)
ansible_password: password
ansible_become_password: password
!vault |
$ANSIBLE_VAULT;1.1;AES256
64636132383835663964626132393530663764656634663230353038333866623634343635646465
3434333931643762313635656339396564306435326234610a633735663430663965323038313433
63373765316230656265636164626164383036613838363738316263343531656437303530313732
3835646366313730310a343363326239393364636230666561346461353137306334656663386638
38633462613530636536353064376236663066356536313163303265336133396134313736613730
37666635613961636431653134653439393263613830306132333266323537373937363766626530
386261363230343865333662336461386533
Encryption successful