diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5d98ec8db..9e99272b6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -56,6 +56,7 @@ BUG FIXES:
   - core: escape curl urls and authentication [GH-5677]
   - core: fix crash if a value is missing for CLI arguments [GH-5550]
   - core: retry SSH key generation for transient RSA errors [GH-5056]
+  - core: `ssh.private_key_path` will override the insecure key [GH-5632]
   - core/cli: fix box checksum validation [GH-4665, GH-5221]
   - core/windows: allow Windows UNC paths to allow more than 256
       characters [GH-4815]
diff --git a/lib/vagrant/machine.rb b/lib/vagrant/machine.rb
index 03ca19f07..cebd1eea1 100644
--- a/lib/vagrant/machine.rb
+++ b/lib/vagrant/machine.rb
@@ -444,7 +444,7 @@ module Vagrant
       end
 
       # If we have a private key in our data dir, then use that
-      if @data_dir
+      if @data_dir && !@config.ssh.private_key_path
         data_private_key = @data_dir.join("private_key")
         if data_private_key.file?
           info[:private_key_path] = [data_private_key.to_s]
diff --git a/test/unit/vagrant/machine_test.rb b/test/unit/vagrant/machine_test.rb
index 5da1be84f..d146d932e 100644
--- a/test/unit/vagrant/machine_test.rb
+++ b/test/unit/vagrant/machine_test.rb
@@ -667,6 +667,17 @@ describe Vagrant::Machine do
         expect(instance.ssh_info[:password]).to eql("")
       end
 
+      it "should return the private key in the Vagrantfile if the data dir exists" do
+        provider_ssh_info[:private_key_path] = nil
+        instance.config.ssh.private_key_path = "/foo"
+
+        instance.data_dir.join("private_key").open("w+") do |f|
+          f.write("hey")
+        end
+
+        expect(instance.ssh_info[:private_key_path]).to eql(["/foo"])
+      end
+
       context "with no data dir" do
         let(:base)     { true }
         let(:data_dir) { nil }