Think about finely grained secret access
We currently slap everything into the Ansible Vault. This is not optimal. We need more finely grained access while still allowing people to get their work done. Investigate which tools allow for that still of managing credentials. Perhaps something like bitwarden-rs?