Ansible 2.4 introduced support for specifying multiple vault passwords, which means that you can encrypt different variables with a different vault password. For example you can create files dev.vault and prod.vault which will have set passwords for dev and production environments, then if you want to decrypt both of these variables you can run ansible-playbook with:

ansible-playbook --vault-id dev@dev.vault --vault-id prod@prod.vault playbook.yml

Where the dev and prod are Vault IDs. More details on https://docs.ansible.com/ansible/2.4/vault.html#providing-vault-passwords.

It would be great if the Ansible plugin provided this functionality, so that when you are specifying vault credentials, that you can select multiple credentials and their IDs.