From f1cefadfd5ed543aad08042252d0c4e43c202fb7 Mon Sep 17 00:00:00 2001
From: Luke Murphy <lukewm@riseup.net>
Date: Mon, 13 Apr 2020 19:47:47 +0200
Subject: [PATCH] Conditionally look up the vault directory

---
 plays/lib/vars.yml | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/plays/lib/vars.yml b/plays/lib/vars.yml
index 0f4ec8f..ef53aa4 100644
--- a/plays/lib/vars.yml
+++ b/plays/lib/vars.yml
@@ -1,5 +1,5 @@
 ---
-- name: Load all deployment variables
+- name: Load unencrypted deployment variables
   no_log: true
   include_vars:
     ignore_unknown_extensions: true
@@ -8,6 +8,20 @@
       - yml
       - yaml
   with_items:
-    - "{{ plugin_config_root }}"
-    - "{{ app_config_root }}/vault"
-    - "{{ app_config_root }}"
+    - "{{ plugin_config_root }}"  # vars.yml system variables
+    - "{{ app_config_root }}"  # config.yml end-user variables
+
+- name: Check if a vault directory exists
+  stat:
+    path: "{{ app_config_root }}/vault"
+  register: vault_dir
+
+- name: Load all deployment variables
+  no_log: true
+  when: vault_dir.stat.exists
+  include_vars:
+    ignore_unknown_extensions: true
+    dir: "{{ app_config_root }}/vault"
+    extensions:
+      - yml
+      - yaml