[Deinumite]

If you use show instead of edit it doesn't re-encrypt the file.

Agreed on the useless diffs however, it makes reviewing pull requests or changes much harder.

[RRRA]

I'm curious, why do you feel the need to encrypt every single file instead of just secrets (to keep reviewing possible)? :)

[Deinumite]

I usually only encrypt var files that contain things like db passwords or something. In our case it made it harder to spot typos in the username for example.

I wouldn't encrypt a whole playbook for example.

[davedx]

We don't encrypt all of the credentials, just the actual passwords.