diff --git a/tests/vault/test_vault_symmetric.yml b/tests/vault/test_vault_symmetric.yml
index 929433193ad1afe10452bd34ae082c31a02cd745..1604a0185fb6902c0d778ec1fb977d9b8659ae00 100644
--- a/tests/vault/test_vault_symmetric.yml
+++ b/tests/vault/test_vault_symmetric.yml
@@ -234,14 +234,41 @@
     register: result
     failed_when: not result.changed
 
+  - name: Try to change symmetric vault salt, without providing any password
     ipavault:
       ipaadmin_password: SomeADMINpassword
-      name: inexistentvault
-      password: SomeVAULTpassword
+      name: symvault
+      salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
+    register: result
+    failed_when: not result.failed and  "Vault `salt` can only change when changing the password." not in result.msg
+
+  - name: Try to change symmetric vault salt, without providing `password`
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: symvault
+      salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
       new_password: SomeVAULTpassword
-      new_password_file: "{{ ansible_env.HOME }}/password.txt"
     register: result
-    failed_when: not result.failed or "parameters are mutually exclusive" not in result.msg
+    failed_when: not result.failed and  "Vault `salt` can only change when changing the password." not in result.msg
+
+  - name: Try to change symmetric vault salt, without providing `new_password`
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: symvault
+      salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
+      password: SomeVAULTpassword
+    register: result
+    failed_when: not result.failed and  "Vault `salt` can only change when changing the password." not in result.msg
+
+  - name: Try to change symmetric vault salt, using wrong password.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: symvault
+      password: SomeWRONGpassword
+      new_password: SomeWRONGpassword
+      salt: MDEyMzQ1Njc4OTAxMjM0NQo=
+    register: result
+    failed_when: not result.failed
 
   - name: Ensure symmetric vault is absent
     ipavault: