diff --git a/plays/lib/vars.yml b/plays/lib/vars.yml
index 0f4ec8f..ef53aa4 100644
--- a/plays/lib/vars.yml
+++ b/plays/lib/vars.yml
@@ -1,5 +1,5 @@
 ---
-- name: Load all deployment variables
+- name: Load unencrypted deployment variables
   no_log: true
   include_vars:
     ignore_unknown_extensions: true
@@ -8,6 +8,20 @@
       - yml
       - yaml
   with_items:
-    - "{{ plugin_config_root }}"
-    - "{{ app_config_root }}/vault"
-    - "{{ app_config_root }}"
+    - "{{ plugin_config_root }}"  # vars.yml system variables
+    - "{{ app_config_root }}"  # config.yml end-user variables
+
+- name: Check if a vault directory exists
+  stat:
+    path: "{{ app_config_root }}/vault"
+  register: vault_dir
+
+- name: Load all deployment variables
+  no_log: true
+  when: vault_dir.stat.exists
+  include_vars:
+    ignore_unknown_extensions: true
+    dir: "{{ app_config_root }}/vault"
+    extensions:
+      - yml
+      - yaml