drupalvm-live
Add warning about secrets.yml?
Basically, people should feel comfortable enough committing a Vault-encrypted file—as long as the password they used to encrypt it is a secure password (e.g. lots of entropy).
If you use a password like `testtesttest` to encrypt an Ansible Vault-encrypted file, then someone could grab the public repo and easily brute force the password (since there's no other protection mechanism, and anyone can have Ansible Vault installed).
Anyways, I don't know if I want to do anything more here... but it would at least be good to add a stern warning about knowing what you're doing before you post anything secret to the wider world—even if it's encrypted!
See related/relevant conversation on Reddit: Can I commit secrets to public repo using ansible-vault in relative safety?
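
A commit-time guard for the situation described in this issue, as an added example that is not part of the original post or the Drupal VM project: it generates a vault password with a known amount of entropy and rejects a `secrets.yml` whose contents lack the Ansible Vault header. The function names and both sample file contents are constructed for illustration.

```python
import math
import secrets
import string

VAULT_MAGIC = "$ANSIBLE_VAULT;"          # first bytes of every vault-encrypted file
ALPHABET = string.ascii_letters + string.digits   # 62 symbols, ~5.95 bits each

def new_vault_password(bits=128):
    """Return a random password carrying at least `bits` bits of entropy."""
    length = math.ceil(bits / math.log2(len(ALPHABET)))
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def check_vault_file(text):
    """Return a list of problems; an empty list means the file looks encrypted."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith(VAULT_MAGIC):
        return ["not vault-encrypted: missing $ANSIBLE_VAULT header"]
    problems = []
    fields = lines[0].split(";")          # e.g. $ANSIBLE_VAULT;1.1;AES256
    if len(fields) < 3 or fields[2] != "AES256":
        problems.append("unexpected vault header: " + lines[0])
    body = "".join(line.strip() for line in lines[1:])
    if not body or any(c not in string.hexdigits for c in body):
        problems.append("payload is not a hex-encoded vault body")
    return problems

# Constructed samples: a plaintext secrets.yml and a vault-shaped file
# (the hex payload is filler, not real ciphertext).
PLAINTEXT_SAMPLE = "db_password: example-value\n"
ENCRYPTED_SAMPLE = (
    "$ANSIBLE_VAULT;1.1;AES256\n"
    "36353431306261336437386539633262\n"
    "61626364656630313233343536373839\n"
)

if __name__ == "__main__":
    print("suggested vault password:", new_vault_password())
    for name, sample in (("plaintext", PLAINTEXT_SAMPLE),
                         ("encrypted", ENCRYPTED_SAMPLE)):
        print(name, "->", check_vault_file(sample) or "ok to commit")
```

The header check only confirms the file is encrypted at all; it cannot tell how strong the password behind it is, which is why the password is generated rather than chosen.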