How to invoke encrypted password inside ansible playbook?

Question

How can I encrypt the password in Ansible for executing windows playbook?

Kerberos authentication in enabled

When playbook is edited others shouldn`t see encrypted password

Answer 1

Since Ansible 2.4 you can encrypt strings with ansible-vault and put in in playbooks and roles. You have to create vault-password and run the following code:

$ ansible-vault encrypt_string --ask-vault-pass --stdin-name 'password'
New Vault password: 
Confirm New Vault password: 
Reading plaintext input from stdin. (ctrl-d to end input)
SecretPassword123
password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          65316563643063333532303262343166333232313034303333386330333635313433383236656337
          3634653534353630663131656531663162376161333030350a363434343961666535316366643135
          33326462393934633930336261373532666239653834316235666638613164616538306536396634
          6432343763336135320a386263663736396164343065323233656134656262653238643038633665
          39363631666630623062356238663165343737346535396237646461303938383230
Encryption successful

Then paste your encrypted password to your variables, like this:

username: "user01"
password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          65316563643063333532303262343166333232313034303333386330333635313433383236656337
          3634653534353630663131656531663162376161333030350a363434343961666535316366643135
          33326462393934633930336261373532666239653834316235666638613164616538306536396634
          6432343763336135320a386263663736396164343065323233656134656262653238643038633665
          39363631666630623062356238663165343737346535396237646461303938383230
some_other_variable: "1234"
one_more_variable: "4444"

And run your playbooks. But don't forget to use your vault-password when run ansible-playbook. It can be used as a parameter of --ask-vault-pass or in the file described in --vault-password-file