Encrypt part of an inventory

[DK]

Hi,

I have a number of different inventory like the following. Each inventory will have variables for different usernames & passwords

all:

  children:

        A:

          hosts:

            minion1:

              ansible_host: 10.134.47.102

            minion2:

              ansible_host: 10.134.47.103

            minion3:

              ansible_host: 10.134.47.104

      vars:

        username: someuser

        password: somepassword

        ansible_ssh_user: someotheruser

        ansible_ssh_pass: someotherpassword

Instead of including the variables here is there a way to pass a separate encrypted file?

ansible-playbook playbook-create-template.yml -i inventory.yml joes-secrets.yaml

Or is there a cleaner way to use Vault and just have placeholder in the inventory like {{ VAULT_JOES_PASSWORD }}

If so, how best to create the vault without calling ansible-vault encrypt_string password123 --ask-vault-pass for each individual username & password?