I am trying to figure out the best practice folder structure to organize my vault variables.
Currently it looks like this:
.
├── group_vars/
│   ├── group1.yml
│   └── group2.yml
├── host_vars/
│   ├── host1.yml
│   └── host2.yml
├── roles/
│   └── .../
└── vault/
    ├── enc-file1.yml
    └── enc-file2.yml
However, this way I always have to use include_vars inside my role to source a specific encrypted file.
Is there any naming convention and folder structure I can apply that Ansible will automatically source the correct vaulted variable just as it does with host_vars and group_vars?
I had something like this in mind:
.
└── group_vars/
    ├── group1/
    │   ├── main.yml
    │   └── vault.yml
    └── group2/
        ├── main.yml
        └── vault.yml
Is there anything I can do, so I do not have to explicitly include vault variables?
Is there anything I can do, so I do not have to explicitly include vault variables?
In recent Ansible versions (since 2.3) you don't need to include separate files for vault-protected variables. Instead, you can encrypt individual variables in regular vars-files - see Single Encrypted Variable.
Is there any naming convention and folder structure [...] that Ansible will automatically source the correct vaulted variable [...]?
No, there is no convention nor automatic mechanism.
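A check for the single-encrypted-variable approach mentioned in the answer above, as an added example (not from the original posts and not Ansible's own code): it reports which top-level variables in a regular vars file are inline `!vault` values and which are still plaintext. The variable names, the sample file and the `secret_names` list are constructed for illustration.

```python
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of any vault payload
TOP_KEY = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):\s*(.*)$")  # unindented "key: value"

def classify_vars_text(text):
    """Report how one vars file protects its top-level variables.

    Line-based on purpose (no YAML library needed): it recognises the layout
    that `ansible-vault encrypt_string` emits, `name: !vault |` followed by an
    indented payload that starts with the vault header.
    """
    lines = text.splitlines()
    if lines and lines[0].startswith(VAULT_HEADER):
        # File encrypted as a whole with `ansible-vault encrypt`.
        return {"whole_file": True, "vaulted": [], "plaintext": []}
    result = {"whole_file": False, "vaulted": [], "plaintext": []}
    for i, line in enumerate(lines):
        m = TOP_KEY.match(line)
        if not m:
            continue  # comment, blank line, or indented continuation
        name, value = m.groups()
        payload = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if value.startswith("!vault") and payload.startswith(VAULT_HEADER):
            result["vaulted"].append(name)
        else:
            result["plaintext"].append(name)
    return result

def unprotected_secrets(text, secret_names):
    """Names from secret_names that are present in the file but not encrypted."""
    report = classify_vars_text(text)
    return sorted(set(report["plaintext"]) & set(secret_names))

# Constructed sample of a regular group_vars file; the payload line is a
# placeholder, not real ciphertext.
SAMPLE_GROUP1 = """\
---
db_user: app
db_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          <placeholder-ciphertext>
api_token: changeme
"""

if __name__ == "__main__":
    print(classify_vars_text(SAMPLE_GROUP1))
    print(unprotected_secrets(SAMPLE_GROUP1, ["db_password", "api_token"]))
```

Run over every file under `group_vars/` and `host_vars/` in CI, this catches a secret that was committed in plaintext next to properly vaulted ones.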