- name: Create secret for {{ item.name }}
  when: passwords[item.name + '_secret'] is not defined
  block:
    - name: Create secret for {{ item.name }}
      shell: "openssl rand -hex 32"
      register: secret
    
    - name: Show secret json for {{ item.name }}
      debug:
        msg: "{{ secret }}"
        verbosity: 2
    
    - name: Write secret for {{ item.name }}
      lineinfile:
        path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
        line: "{{ item.name }}_secret: \"{{ secret.stdout }}\""