diff --git a/test/integration/targets/copy/files-different/vault/folder/nested-vault-file b/test/integration/targets/copy/files-different/vault/folder/nested-vault-file
new file mode 100644
index 00000000000..d8d1549874c
--- /dev/null
+++ b/test/integration/targets/copy/files-different/vault/folder/nested-vault-file
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+65653164323866373138353632323531393664393563633665373635623763353561386431373366
+3232353263363034313136663062623336663463373966320a333763323032646463386432626161
+36386330356637666362396661653935653064623038333031653335626164376465353235303636
+3335616231663838620a303632343938326538656233393562303162343261383465623261646664
+33613932343461626339333832363930303962633364303736376634396364643861
diff --git a/test/integration/targets/copy/files-different/vault/readme.txt b/test/integration/targets/copy/files-different/vault/readme.txt
new file mode 100644
index 00000000000..0a30d8e08ad
--- /dev/null
+++ b/test/integration/targets/copy/files-different/vault/readme.txt
@@ -0,0 +1,5 @@
+This directory contains some files that have been encrypted with ansible-vault.
+
+This is to test out the decrypt parameter in copy.
+
+The password is: password
diff --git a/test/integration/targets/copy/files-different/vault/vault-file b/test/integration/targets/copy/files-different/vault/vault-file
new file mode 100644
index 00000000000..2fff7619a75
--- /dev/null
+++ b/test/integration/targets/copy/files-different/vault/vault-file
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+30353665333635633433356261616636356130386330363962386533303566313463383734373532
+3933643234323638623939613462346361313431363939370a303532656338353035346661353965
+34656231633238396361393131623834316262306533663838336362366137306562646561383766
+6363373965633337640a373666336461613337346131353564383134326139616561393664663563
+3431
diff --git a/test/integration/targets/copy/tasks/tests.yml b/test/integration/targets/copy/tasks/tests.yml
index fa4254c79ae..e5d0991aaf2 100644
--- a/test/integration/targets/copy/tasks/tests.yml
+++ b/test/integration/targets/copy/tasks/tests.yml
@@ -2259,3 +2259,29 @@
          - "dest_dir_readwrite_stat.stat.mode == '0644'"
          - "dest_dir_executable_stat.stat.mode == '0755'"
          - "dest_dir_readonly_stat.stat.mode == '0444'"
+
+- name: fail to copy an encrypted file without the password set
+  copy:
+    src: '{{role_path}}/files-different/vault/vault-file'
+    dest: '{{output_dir}}/file'
+  register: fail_copy_encrypted_file
+  ignore_errors: yes # weird failed_when doesn't work in this case
+
+- name: assert failure message when copying an encrypted file without the password set
+  assert:
+    that:
+    - fail_copy_encrypted_file is failed
+    - fail_copy_encrypted_file.msg == 'A vault password or secret must be specified to decrypt {{role_path}}/files-different/vault/vault-file'
+
+- name: fail to copy a directory with an encrypted file without the password
+  copy:
+    src: '{{role_path}}/files-different/vault'
+    dest: '{{output_dir}}'
+  register: fail_copy_directory_with_enc_file
+  ignore_errors: yes
+
+- name: assert failure message when copying a directory that contains an encrypted file without the password set
+  assert:
+    that:
+    - fail_copy_directory_with_enc_file is failed
+    - fail_copy_directory_with_enc_file.msg == 'A vault password or secret must be specified to decrypt {{role_path}}/files-different/vault/vault-file'
diff --git a/test/units/module_utils/basic/test_filesystem.py b/test/units/module_utils/basic/test_filesystem.py
index 37d1c5537a3..f09cecf46ab 100644
--- a/test/units/module_utils/basic/test_filesystem.py
+++ b/test/units/module_utils/basic/test_filesystem.py
@@ -134,3 +134,27 @@ class TestOtherFilesystem(ModuleTestCase):
 
         with patch('os.lchown', side_effect=OSError) as m:
             self.assertRaises(SystemExit, am.set_group_if_different, '/path/to/file', 'root', False)
+
+    def test_module_utils_basic_ansible_module_set_directory_attributes_if_different(self):
+        from ansible.module_utils import basic
+        basic._ANSIBLE_ARGS = None
+
+        am = basic.AnsibleModule(
+            argument_spec=dict(),
+        )
+
+        file_args = {
+            'path': '/path/to/file',
+            'mode': None,
+            'owner': None,
+            'group': None,
+            'seuser': None,
+            'serole': None,
+            'setype': None,
+            'selevel': None,
+            'secontext': [None, None, None],
+            'attributes': None,
+        }
+
+        self.assertEqual(am.set_directory_attributes_if_different(file_args, True), True)
+        self.assertEqual(am.set_directory_attributes_if_different(file_args, False), False)