AIt encrypts sensitive data such as passwords in variables and files
BIt stores plaintext secrets on a central server for playbooks to read
CIt scans playbooks for hardcoded secrets and warns you about them
DIt rotates the SSH keys that are used to connect to managed nodes
Why this is the answer
Ansible Vault encrypts secrets (variables and files) at rest so they can live safely in Git. It doesn't store plaintext centrally, isn't a secret-scanner, and doesn't rotate SSH keys.