Secrets Manager for Homelab

For a few years, I’ve been managing the configuration of a bunch of self-hosted
services using Ansible Playbooks. Each playbook needed at least one secret —
the sudo password. Many of them needed to manage more (e.g. SMTP credentials
for email notifications). Because I’ve always been paranoid about security, I
stored most of those secrets in Ansible Vault, the password for which is stored
in only one location — my memory. Therefore, each time I ran any of those
playbooks, I’d have to enter two passwords interactively: the sudo password and
the Ansible Vault password.