Document working with Ansible (#306)

Bug: https://github.com/StackExchange/blackbox/issues/295
See: https://docs.ansible.com/ansible/latest/user_guide/vault.html#providing-vault-passwords
See: https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-vault-password-file

README.md

@@ -19,6 +19,8 @@ Table of Contents
 - [Compatibility](#compatibility)
 - [How is the encryption done?](#how-is-the-encryption-done)
 - [What does this look like to the typical user?](#what-does-this-look-like-to-the-typical-user)
+- Configuration Management
+  - [How to use the secrets with Ansible?](#how-to-use-the-secrets-with-ansible)
   - [How to use the secrets with Puppet?](#how-to-use-the-secrets-with-puppet)
     - [Entire files](#entire-files)
     - [Small strings](#small-strings)
@@ -233,6 +235,22 @@ What does this look like to the typical user?
 
 Wait... it can be even easier than that! Run `blackbox_edit FILENAME`, and it'll decrypt the file in a temp file and call `$EDITOR` on it, re-encrypting again after the editor is closed.
 
+How to use the secrets with Ansible?
+===================================
+
+Ansible Vault provides functionality for encrypting both entire files and strings stored within files; however,
+keeping track of the password(s) required for decryption is not handled by this module.
+
+Instead one must specify a password file when running the playbook.
+
+Ansible example for password file: `my_secret_password.txt.gpg`
+
+```
+ansible-playbook --vault-password-file my_secret_password.txt site.yml
+```
+
+Alternatively, one can specify this in the `ANSIBLE_VAULT_PASSWORD_FILE` environment variable.
+
 How to use the secrets with Puppet?
 ===================================