some part of our network will soon run inside a VLAN of another companies network.
At both ends are ROS devices.
Is there a way to encrypt all traffic between those two devices and still be able to use MPLS and OSPF?
As far as I understand IPSec I would have to configure it on every router in the network and I'm unsure if I would even work together with MPLS.
I really only need to encrypt traffic between two devices that are logically directly connected.
You're mistaken about IPsec, and it can absolutely be configured to only encrypt traffic between those two directly connected routers. It also has nothing to do with MPLS. You can of course use MPLS on IPsec payloads.