One warning: the security of an Ansible Vault encrypted file (or string) depends very much on the strength of the password. If you’re using short / simple passwords, or passwords that can easily be found by dictionary attacks, then Vault is not exactly safe. (The best encryption won’t help you.) But if you’re using strong passwords (preferably long, randomly generated ones), then it is safe. (I would still make sure that the Git repo has access restrictions to limit access to the least necessary number of persons.)