I've been using SO blackbox which feels like a poorman hack, but solves the problem really easyly until a "proper" solution is decided on and implemented.
Funny enough, so do we. We actually use both Vault and Blackbox for building out our BaseAMI, though for different purposes depending upon the nature of what is being encrypted.
One thing I like about Vault is that it allows us to rotate keys without needing to rekey all encrypted secrets. Being able to expire certain secrets - like database credentials - means we can rotate these at will without needing an extra git commit.
I highly recommend using something here, and I commend you for at least encrypting with blackbox :)
I love it, I think it's both solid an elegant, and quite portable (needs bash + gpg) but your average enterprise architect will call it a hack and start comparing it to a multi k$ solution that needs its own server or three, has a fancy GUI etc...
https://github.com/StackExchange/blackbox