DOCUMENTATION:
  name: vault
  author: Brian Coca (@bcoca)
  version_added: "2.12"
  short_description: vault your secrets
  description:
    - Put your information into an encrypted Ansible Vault.
  positional: secret
  options:
    _input:
      description: Data to vault.
      type: string
      required: true
    secret:
      description: Vault secret, the key that lets you open the vault.
      type: string
      required: true
    salt:
      description:
        - Encryption salt, will be random if not provided.
        - While providing one makes the resulting encrypted string reproducible, it can lower the security of the vault.
      type: string
    vault_id:
      description: Secret identifier, used internally to try to best match a secret when multiple are provided.
      type: string
      default: 'filter_default'
    wrap_object:
      description:
        - This toggle can force the return of an C(AnsibleVaultEncryptedUnicode) string object, when C(False), you get a simple string.
        - Mostly useful when combining with the C(to_yaml) filter to output the 'inline vault' format.
      type: bool
      default: False

EXAMPLES: |
  # simply encrypt my key in a vault
  vars:
    myvaultedkey: "{{ keyrawdata|vault(passphrase) }} "

  - name: save templated vaulted data
    template: src=dump_template_data.j2 dest=/some/key/vault.txt
    vars:
      mysalt: '{{2**256|random(seed=inventory_hostname)}}'
      template_data: '{{ secretdata|vault(vaultsecret, salt=mysalt) }}'

RETURN:
  _value:
    description: The vault string that contains the secret data (or C(AnsibleVaultEncryptedUnicode) string object).
    type: string