I do something similar to this to store sensitive files in vault. I base64
encode the data and set the variable with the resulting encoded string.
Then in my template I use the b64decode filter when applying the variable.
in your vault file
private_key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1J
I think we do something similar with SSL certificates.
First, we use the multi-line YAML notation ni the vars file:
ssl_private_key: |
-BEGIN RSA PRIVATE KEY-
ETC...
Note the spacing in front of the lines, that's required.
In case you don't need the actual newlines on the other end,