Generating a new PEM key and CSR and automatically adding it to an Ansible vault

The following bash script generates a new private key and CSR, then automatically vaults the key into an Ansible variable named tls_private_key:

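export F=FQDN
export TLS_BITS=4096
export C=CA        # countryName must be the two-letter ISO 3166 code
export ST=Ontario
export L=Toronto
export O=Company
export OU=Dept
export EMAIL=admin@example.com   # placeholder contact address

# Create the output directories; keep the unencrypted key readable only by the owner
umask 077
mkdir -p "host_files/${F}" "host_vars/${F}"

# Generate new key and csr
openssl req \
    -out "host_files/${F}/${F}.csr" \
    -new \
    -newkey "rsa:${TLS_BITS}" \
    -nodes \
    -keyout "host_vars/${F}/vault_tls_private_key" \
    -subj "/C=${C}/ST=${ST}/L=${L}/O=${O}/OU=${OU}/CN=${F}/emailAddress=${EMAIL}"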

# indent the key file
sed -i 's/^/\ \ /g' "host_vars/${F}/vault_tls_private_key"

# add YAML header for Ansible variable
sed -i '1s/^/---\ntls_private_key: |\n/' "host_vars/${F}/vault_tls_private_key"

# vault the TLS private key
ansible-vault \
    encrypt \
    "host_vars/${F}/vault_tls_private_key"
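
Because the key is written with -nodes and sits on disk in plaintext until the vault step succeeds, a check before committing is useful. The following is an added example, not part of the original script: is_vaulted and find_plaintext_secrets are hypothetical helper names, and it assumes secrets live in whole-file-vaulted files named vault_* as above.

```shell
#!/bin/sh
# Added example: refuse to proceed if any vault_* file is still plaintext.
# Assumption: files are vaulted whole, so line 1 must be the vault header
# ($ANSIBLE_VAULT;<version>;<cipher>) and no PEM key marker may remain.

# Return 0 only if the file starts with the vault header and holds no PEM key.
is_vaulted() {
    first=
    IFS= read -r first < "$1" || true
    case "$first" in
        '$ANSIBLE_VAULT;'*) ;;
        *) return 1 ;;
    esac
    ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Print each unencrypted vault_* file under directory $1; return 1 if any exist.
# Paths containing newlines are not supported by this simple scan.
find_plaintext_secrets() {
    plaintext=$(find "$1" -type f -name 'vault_*' | while IFS= read -r f; do
        is_vaulted "$f" || printf '%s\n' "$f"
    done)
    [ -z "$plaintext" ] && return 0
    printf '%s\n' "$plaintext"
    return 1
}

# Typical use from the playbook root, e.g. in a pre-commit hook:
#   find_plaintext_secrets host_vars || exit 1
```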