Add support for ansible-vault for secret generation

Sem-Ver: feature
Change-Id: I4e56ea595618c2646158a29395856958fa567b59
diff --git a/playbooks/generate_secrets.yml b/playbooks/generate_secrets.yml
index 88dbf23..6ed535c 100644
--- a/playbooks/generate_secrets.yml
+++ b/playbooks/generate_secrets.yml
@@ -30,3 +30,9 @@
       ansible.builtin.copy:
         content: "{{ secrets | to_nice_yaml }}"
         dest: "{{ secrets_path }}"
+
+    - name: Encrypt secrets file with Vault password
+      ansible.builtin.shell:
+        ansible-vault encrypt --vault-password-file {{ secrets_vault_password_file }} {{ secrets_path }}
+      when:
+        - secrets_vault_password_file is defined
\ No newline at end of file
diff --git a/releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml b/releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml
new file mode 100644
index 0000000..446b3c4
--- /dev/null
+++ b/releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - The ``generate_secrets`` playbook can now be used to generate secrets that
+    are encrypted using ``ansible-vault``.