Shuffle order of vault loading

plays/commonlib/vars.yml

@@ -14,17 +14,6 @@
   include_vars:
     file: "{{ plugin_config_root }}/vars.yml"
 
-- name: Check if the application config file exists
-  stat:
-    path: "{{ app_config_root }}/config.yml"
-  register: config_yml
-
-- name: Load unencrypted configuration variables
-  # no_log: true
-  when: config_yml.stat.exists
-  include_vars:
-    file: "{{ app_config_root }}/config.yml"
-
 - name: Check if an application vault directory exists
   stat:
     path: "{{ app_config_root }}/vault"
@@ -41,6 +30,17 @@
       - yml
   register: vault_include
 
+- name: Check if the application config file exists
+  stat:
+    path: "{{ app_config_root }}/config.yml"
+  register: config_yml
+
+- name: Load unencrypted configuration variables
+  # no_log: true
+  when: config_yml.stat.exists
+  include_vars:
+    file: "{{ app_config_root }}/config.yml"
+
 - name: Create the dokku variable dictionary
   set_fact:
     dokku:
@@ -60,6 +60,10 @@
 # Note(decentral1se): this has to be done like this through the hostvars
 # interface because of the way Ansible forces us to work here. There is a bug
 # report out on this: https://github.com/ansible/ansible/issues/36024
+- name: Create vault variable dictionary
+  set_fact:
+    vault: "{{ vault_include.ansible_facts.vault | default([]) }}"
+
 - name: Create config variable dictionary
   set_fact:
     config:
@@ -68,7 +72,3 @@
       templates: "{{ hostvars[dokku.host].templates | default([]) }}"
       vars: "{{ hostvars[dokku.host].vars | default([]) }}"
       volumes: "{{ hostvars[dokku.host].volumes | default([]) }}"
-
-- name: Create vault variable dictionary
-  set_fact:
-    vault: "{{ vault_include.ansible_facts.vault | default([]) }}"