diff --git a/ansible-vault-check b/ansible-vault-check
new file mode 100755
index 0000000000000000000000000000000000000000..41aa16cba0d3f7cc5ff7ed90995925e88c9a1faf
--- /dev/null
+++ b/ansible-vault-check
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -eu
+for filename in $@
+do
+    grep -q ANSIBLE_VAULT "$filename" || \
+        (echo "$filename is not vaulted." && exit 1)
+done
diff --git a/hooks.yaml b/hooks.yaml
index 3e7e89cb99a1b7e40c4a351ee487ee4c5d46fcee..e42edb5ddc98d063349b12cdbade75925e41cf83 100644
--- a/hooks.yaml
+++ b/hooks.yaml
@@ -1,7 +1,13 @@
 ---
-- id: ansible-pre-commit
+- id: ansible-syntax-check
   name: Check Ansible playbooks
   description: Check Ansible playbooks for syntax errors.
   language: script
   entry: ansible-syntax-check
   files: playbook.yml
+- id: ansible-vault-check
+  name: Verify vaulted files
+  description: Verify that Ansible Vault files are vaulted.
+  language: script
+  entry: ansible-vault-check
+  files: vault