diff --git a/ansible/inventory/group_vars/all/kolla b/ansible/inventory/group_vars/all/kolla
index e34613f3fc86678296930857360b368c63854497..111b539a9bc80f8205a8530df16e45c73327115e 100644
--- a/ansible/inventory/group_vars/all/kolla
+++ b/ansible/inventory/group_vars/all/kolla
@@ -600,9 +600,15 @@ kolla_ansible_default_custom_passwords: >-
              if compute_libvirt_enabled | bool and compute_libvirt_enable_sasl | bool
              else {}) }}
 
+# Dictionary containing extra custom passwords to add or override in the Kolla
+# passwords file.
+kolla_ansible_extra_custom_passwords: {}
+
 # Dictionary containing custom passwords to add or override in the Kolla
 # passwords file.
-kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}"
+kolla_ansible_custom_passwords: >-
+  {{ kolla_ansible_default_custom_passwords |
+     combine(kolla_ansible_extra_custom_passwords) }}
 
 ###############################################################################
 # OpenStack API addresses.
diff --git a/doc/source/configuration/reference/kolla-ansible.rst b/doc/source/configuration/reference/kolla-ansible.rst
index 97f55c70e9c2cd3864c1ab80710bd43fdb25ea2b..e300c8b53af8b7fbce0ad7bf72350c31ea9bce0d 100644
--- a/doc/source/configuration/reference/kolla-ansible.rst
+++ b/doc/source/configuration/reference/kolla-ansible.rst
@@ -595,27 +595,35 @@ variable, if present. The file is generated to
 ``$KAYOBE_CONFIG_PATH/kolla/passwords.yml``, and should be stored along with
 other Kayobe configuration files. This file should not be manually modified.
 
-``kolla_ansible_custom_passwords``
-    Dictionary containing custom passwords to add or override in the Kolla
-    passwords file. Default is ``{{ kolla_ansible_default_custom_passwords
-    }}``, which contains SSH keys for use by Kolla Ansible and Bifrost.
-
 Configuring Custom Passwords
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-In order to write additional passwords to ``passwords.yml``, set the kayobe
-variable ``kolla_ansible_custom_passwords`` in
-``$KAYOBE_CONFIG_PATH/kolla.yml``.
+The following variables are used to configure custom passwords:
+
+* ``kolla_ansible_default_custom_passwords``: Dictionary containing default
+  custom passwords, required by Kolla Ansible. Contains SSH keys authorized by
+  kolla user on Kolla hosts, SSH keys authorized in hosts deployed by Bifrost,
+  Docker Registry password and compute libVirt custom passwords.
+* ``kolla_ansible_extra_custom_passwords``: Dictionary containing extra custom
+  passwords to add or override in the Kolla passwords file. Default is an empty
+  dictionary.
+* ``kolla_ansible_custom_passwords``: Dictionary containing custom passwords to
+  add or override in the Kolla passwords file. Default is the combination of
+  the ``kolla_ansible_default_custom_passwords`` and
+  ``kolla_ansible_extra_custom_passwords``.
+
+In this example we add our own ``my_custom_password`` and override
+``keystone_admin_password``:
 
 .. code-block:: yaml
    :caption: ``$KAYOBE_CONFIG_PATH/kolla.yml``
 
    ---
-   # Dictionary containing custom passwords to add or override in the Kolla
-   # passwords file.
-   kolla_ansible_custom_passwords: >
-     {{ kolla_ansible_default_custom_passwords |
-        combine({'my_custom_password': 'correcthorsebatterystaple'}) }}
+   # Dictionary containing extra custom passwords to add or override in the
+   # Kolla passwords file.
+   kolla_ansible_extra_custom_passwords:
+     my_custom_password: 'correcthorsebatterystaple'
+     keystone_admin_password: 'superduperstrongpassword'
 
 Control Plane Services
 ======================
diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml
index 81e48c55bcf111af37a2e609235b6549d29f0cdd..16ba16774fb7d198f038da67f8b82f292b7a71b7 100644
--- a/etc/kayobe/kolla.yml
+++ b/etc/kayobe/kolla.yml
@@ -454,6 +454,10 @@
 # Kolla passwords file.
 #kolla_ansible_default_custom_passwords:
 
+# Dictionary containing extra custom passwords to add or override in the Kolla
+# passwords file.
+#kolla_ansible_extra_custom_passwords:
+
 # Dictionary containing custom passwords to add or override in the Kolla
 # passwords file.
 #kolla_ansible_custom_passwords:
diff --git a/releasenotes/notes/kolla-passwords-overrides-065fd6bb8eb9689d.yaml b/releasenotes/notes/kolla-passwords-overrides-065fd6bb8eb9689d.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..adc5318e7dc464cf668786d4dcad7c19361e16fd
--- /dev/null
+++ b/releasenotes/notes/kolla-passwords-overrides-065fd6bb8eb9689d.yaml
@@ -0,0 +1,14 @@
+---
+fixes:
+  - |
+    Fixes an issue when user forgot to combine
+    ``kolla_ansible_custom_passwords``,
+    ``kolla_ansible_default_custom_passwords`` and own dictionary with custom
+    passwords in configuration files. Now
+    ``kolla_ansible_extra_custom_passwords`` should provide only user custom
+    passwords to add or override in the passwords.yml.
+upgrade:
+  - |
+    Now no need to combine ``kolla_ansible_default_custom_passwords`` and
+    ``kolla_ansible_custom_passwords`` in your custom configuration. Just use
+    ``kolla_ansible_extra_custom_passwords`` to add or override passwords.