diff --git a/lib/ansible/runner/__init__.py b/lib/ansible/runner/__init__.py
index 9324bfd5f4..eb625c4936 100644
--- a/lib/ansible/runner/__init__.py
+++ b/lib/ansible/runner/__init__.py
@@ -83,15 +83,16 @@ def _executor_hook(job_queue, result_queue, new_stdin):
 class HostVars(dict):
     ''' A special view of vars_cache that adds values from the inventory when needed. '''
 
-    def __init__(self, vars_cache, inventory):
+    def __init__(self, vars_cache, inventory, vault_password=None):
         self.vars_cache = vars_cache
         self.inventory = inventory
         self.lookup = dict()
         self.update(vars_cache)
+        self.vault_password = vault_password
 
     def __getitem__(self, host):
         if host not in self.lookup:
-            result = self.inventory.get_variables(host)
+            result = self.inventory.get_variables(host, vault_password=self.vault_password)
             result.update(self.vars_cache.get(host, {}))
             self.lookup[host] = result
         return self.lookup[host]
@@ -563,7 +564,7 @@ class Runner(object):
         inject = utils.combine_vars(inject, module_vars)
         inject = utils.combine_vars(inject, combined_cache.get(host, {}))
         inject.setdefault('ansible_ssh_user', self.remote_user)
-        inject['hostvars'] = HostVars(combined_cache, self.inventory)
+        inject['hostvars'] = HostVars(combined_cache, self.inventory, vault_password=self.vault_pass)
         inject['group_names'] = host_variables.get('group_names', [])
         inject['groups']      = self.inventory.groups_list()
         inject['vars']        = self.module_vars
diff --git a/lib/ansible/runner/action_plugins/template.py b/lib/ansible/runner/action_plugins/template.py
index 44b8e62dda..96d8f97a3a 100644
--- a/lib/ansible/runner/action_plugins/template.py
+++ b/lib/ansible/runner/action_plugins/template.py
@@ -85,7 +85,7 @@ class ActionModule(object):
 
         # template the source data locally & get ready to transfer
         try:
-            resultant = template.template_from_file(self.runner.basedir, source, inject)
+            resultant = template.template_from_file(self.runner.basedir, source, inject, vault_password=self.runner.vault_pass)
         except Exception, e:
             result = dict(failed=True, msg=str(e))
             return ReturnData(conn=conn, comm_ok=False, result=result)
diff --git a/lib/ansible/utils/template.py b/lib/ansible/utils/template.py
index 3f26f3f9c0..8ec27ac097 100644
--- a/lib/ansible/utils/template.py
+++ b/lib/ansible/utils/template.py
@@ -199,7 +199,7 @@ class J2Template(jinja2.environment.Template):
     def new_context(self, vars=None, shared=False, locals=None):
         return jinja2.runtime.Context(self.environment, vars.add_locals(locals), self.name, self.blocks)
 
-def template_from_file(basedir, path, vars):
+def template_from_file(basedir, path, vars, vault_password=None):
     ''' run a file through the templating engine '''
 
     fail_on_undefined = C.DEFAULT_UNDEFINED_VAR_BEHAVIOR
diff --git a/lib/ansible/utils/vault.py b/lib/ansible/utils/vault.py
index b4d79a5038..88fa710938 100644
--- a/lib/ansible/utils/vault.py
+++ b/lib/ansible/utils/vault.py
@@ -451,7 +451,6 @@ class VaultAES256(object):
         derivedkey = PBKDF2(password, salt, dkLen=(2 * keylength) + ivlength, 
                             count=10000, prf=pbkdf2_prf)
 
-        #import epdb; epdb.st()
         key1 = derivedkey[:keylength]
         key2 = derivedkey[keylength:(keylength * 2)]
         iv = derivedkey[(keylength * 2):(keylength * 2) + ivlength]