To add a new encrypted key to a file: execute the following command, copy the output and paste it into the file.
$ ansible-vault encrypt_string --ask-vault-pass --name 'vault_key' 'vault_value'
If you need to add many keys to the same file you can temporary paste the vault password in a file (.vault in the example), and use the following command:
$ ansible-vault encrypt_string --vault-password-file .vault --name 'vault_key' 'vault_value' >> path/to/file.yml
In this way you can save some vault password input and pasting the output by hand multiple times.
Since ansible-vault view doesn’t work with inline vaults, we need to execute the following command:
$ ansible localhost -m debug -a var="vault_key" -e "@path/to/file.yml" --ask-vault-pass
If you need to decrypt a whole file with no defined variables you should use ansible-vault command edit:
$ ansible-vault edit path/to/file.yml --ask-vault-pass