From 174cb1f33cdac126adc11dea81043914e8b127e0 Mon Sep 17 00:00:00 2001
From: Adrian Likins <alikins@redhat.com>
Date: Wed, 20 Sep 2017 10:31:36 -0400
Subject: [PATCH] Check number of vault secrets after setup. (#30520)

This is to catch vault secrets from config and
cli. Previously vault_password_file in config was
missed since it was added by setup_vault_secrets,
so check after setup_vault_secrets.
---
 lib/ansible/cli/vault.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/ansible/cli/vault.py b/lib/ansible/cli/vault.py
index 762ba82b98..29b5404974 100644
--- a/lib/ansible/cli/vault.py
+++ b/lib/ansible/cli/vault.py
@@ -184,6 +184,10 @@ class VaultCLI(CLI):
                                          vault_password_files=self.options.vault_password_files,
                                          ask_vault_pass=self.options.ask_vault_pass,
                                          create_new_password=True)
+
+            if len(vault_secrets) > 1:
+                raise AnsibleOptionsError("Only one --vault-id can be used for encryption. This includes passwords from configuration and cli.")
+
             if not vault_secrets:
                 raise AnsibleOptionsError("A vault password is required to use Ansible's Vault")