As to "why the ansible team has decided that become keywords cannot affect include_vars", I rather doubt it's ever come up before.
Internally, Ansible does *lots* of including/importing vars files. I imagine it evolved as a simple way to let the user pick some snowflake that wasn't one of the 20 or so sources of variables that Ansible already pulled in. For reasons I don't see, you've got an extraordinary quirk (root-only access) on an already unusual case. Another approach you could try: Whatever rootly process that currently creates that file could end with an "ansible-vault encrypt ..." operation on it (or a copy) that your controller process could be allowed to read. Or some variation on that theme. Good luck! -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f063ac1b-dfb4-4759-a352-ab0008ed7f95n%40googlegroups.com.
