Hi Michael,
Has this ever been implemented ?
With Vault especially, it seems like a sensible pattern to have a separate encrypted file in vars/ for credentials, next to main.yml
Having to specify include_vars or vars_files explicitly each time feels a little clumsy : shouldn't one reasonably expect a directory named "vars" to have some magic meaning and consider all of its contents automatically (like group_vars and inventory directories do) ?
Since vars/ also doesn't serve as a default path for include_vars in role tasks (AFAIK, you have to explicitly say "../vars/xxx.yml"), technically it might as well be just "roles/x/vars.yml", right ?