Automation controller will complain during inventory sync if there are vault encrypted files in the inventory directory structure (for example a group_vars directory). This is because the inventories know nothing about the vault credentials and can't decrypt the file(s).

My customer would like to have automation controller changed such that vault encrypted files in the inventory directory structure can be used. 

There is a similar issue opened upstream, perhaps it can be used: https://github.com/ansible/awx/issues/4089

They do NOT want to have vaulted files in an inventory loaded into controller, because that would imply that the vaulted files would be decrypted at inventory sync time, and the variables would then be in clear in your database/inventory in controller. A workaround like this is discussed in https://github.com/ansible/awx/issues/4089#issuecomment-1632066592. I think the decryption of such vault files needs to be done at job execution time.