Ansible is a great orchestration tool. The low barrier to entry and simplicity of Ansible are why so many people that start using it love it. But there is one feature in Ansible that probably should be used more often. That feature is Ansible Vault.
“Vault” is a feature of ansible that allows keeping sensitive data such as passwords or keys in encrypted files, rather than as plaintext in your playbooks or roles. These vault files can then be distributed or placed in source control.
This means you can store just about anything in Ansible files. SSH keys, MySQL user passwords, and secret API keys are all fair game in Ansible Vaults. Then you can safely check this data into your repo with a reasonable expectation that it is safe from Github crawlers and other prying