diff --git a/lib/ansible/plugins/lookup/unvault.py b/lib/ansible/plugins/lookup/unvault.py
new file mode 100644
index 00000000000..721e4fd4656
--- /dev/null
+++ b/lib/ansible/plugins/lookup/unvault.py
@@ -0,0 +1,61 @@
+# (c) 2020 Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = """
+ lookup: unvault
+ author: ansible core team
+ version_added: "2.10"
+ short_description: read vaulted file(s) contents
+ description:
+ - This lookup returns the contents from vaulted (or not) file(s) on the Ansible controller's file system.
+ options:
+ _terms:
+ description: path(s) of files to read
+ required: True
+ notes:
+ - This lookup does not understand 'globing' nor shell environment variables.
+"""
+
+EXAMPLES = """
+- debug: msg="the value of foo.txt is {{lookup('vault', '/etc/foo.txt')|to_string }}"
+"""
+
+RETURN = """
+ _raw:
+ description:
+ - content of file(s) as bytes
+"""
+
+from ansible.errors import AnsibleParserError
+from ansible.plugins.lookup import LookupBase
+from ansible.module_utils._text import to_text
+from ansible.utils.display import Display
+
+display = Display()
+
+
+class LookupModule(LookupBase):
+
+ def run(self, terms, variables=None, **kwargs):
+
+ self.set_options(direct=kwargs)
+
+ ret = []
+
+ for term in terms:
+ display.debug("Unvault lookup term: %s" % term)
+
+ # Find the file in the expected search path
+ lookupfile = self.find_file_in_search_path(variables, 'files', term)
+ display.vvvv(u"Unvault lookup found %s" % lookupfile)
+ if lookupfile:
+ actual_file = self._loader.get_real_file(lookupfile, decrypt=True)
+ with open(actual_file, 'rb') as f:
+ b_contents = f.read()
+ ret.append(b_contents)
+ else:
+ raise AnsibleParserError('Unable to find file matching "%s" ' % term)
+
+ return ret
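Review bot: The file obtained from `self._loader.get_real_file(lookupfile, decrypt=True)` is read but never released; if the loader materialises vault plaintext in a temporary file, as its cleanup_tmp_file API suggests, that decrypted copy remains on the controller's disk after the lookup returns, on both the success path and the path where open() or read() raises. Wrap the read so the temporary copy is always removed: a `try:` around the `with open(actual_file, 'rb') as f:` block and `finally: self._loader.cleanup_tmp_file(actual_file)`. The EXAMPLES string calls `lookup('vault', '/etc/foo.txt')` although the plugin is registered as `unvault`, so the documented example would not exercise this plugin. `to_text` is imported but unused in the file.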
diff --git a/test/integration/targets/lookup_unvault/aliases b/test/integration/targets/lookup_unvault/aliases
new file mode 100644
index 00000000000..4a2ce27cbda
--- /dev/null
+++ b/test/integration/targets/lookup_unvault/aliases
@@ -0,0 +1,3 @@
+shippable/posix/group2
+needs/root
+skip/aix
diff --git a/test/integration/targets/lookup_unvault/files/foot.txt b/test/integration/targets/lookup_unvault/files/foot.txt
new file mode 100644
index 00000000000..5716ca5987c
--- /dev/null
+++ b/test/integration/targets/lookup_unvault/files/foot.txt
@@ -0,0 +1 @@
+bar
diff --git a/test/integration/targets/lookup_unvault/files/foot.txt.vault b/test/integration/targets/lookup_unvault/files/foot.txt.vault
new file mode 100644
index 00000000000..98ee41bc2ed
--- /dev/null
+++ b/test/integration/targets/lookup_unvault/files/foot.txt.vault
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+35363932323438383333343462373431376162373631636238353061616565323630656464393939
+3937313630326662336264636662313163343832643239630a646436313833633135353834343364
+63363039663765363365626531643533616232333533383239323234393934356639373136323635
+3632356163343031300a373766636130626237346630653537633764663063313439666135623032
+6139
diff --git a/test/integration/targets/lookup_unvault/runme.sh b/test/integration/targets/lookup_unvault/runme.sh
new file mode 100755
index 00000000000..a7a0be5aefb
--- /dev/null
+++ b/test/integration/targets/lookup_unvault/runme.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+set -eux
+
+# run tests
+ansible-playbook unvault.yml --vault-password-file='secret' -v "$@"
diff --git a/test/integration/targets/lookup_unvault/secret b/test/integration/targets/lookup_unvault/secret
new file mode 100644
index 00000000000..f925edd3449
--- /dev/null
+++ b/test/integration/targets/lookup_unvault/secret
@@ -0,0 +1 @@
+ssssshhhhhh
diff --git a/test/integration/targets/lookup_unvault/unvault.yml b/test/integration/targets/lookup_unvault/unvault.yml
new file mode 100644
index 00000000000..f1f3b98a7d0
--- /dev/null
+++ b/test/integration/targets/lookup_unvault/unvault.yml
@@ -0,0 +1,9 @@
+- name: test vault lookup plugin
+ hosts: localhost
+ gather_facts: false
+ tasks:
+ - debug: msg={{lookup('unvault', 'foot.txt.vault')}}
+ - name: verify vault lookup works with both vaulted and unvaulted
+ assert:
+ that:
+ - lookup('unvault', 'foot.txt.vault') == lookup('unvault', 'foot.txt')