When others are deploying a project for you, it's easy for mistakes to be made when secrets must be updated in environmental variables. Ansible-vault takes a different approach and encrypts the secrets - allowing you to store the secrets in your repo.
To encrypt a file: ansible-vault encrypt secrets.py
To decrypt a file: ansible-vault decrypt secrets.py
More documentation is available here: http://docs.ansible.com/ansible/playbooks_vault.html