diff --git a/ansible.cfg b/ansible.cfg
index dedca3f..b598c64 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,9 @@
 [defaults]
 # (pathspec) Colon separated paths in which Ansible will search for Roles.
 roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
-vault_password_file=./.vault_password
 inventory=inventory
+vault_password_file=util/secret-service-client.sh
+interpreter_python=/usr/bin/python3
+
+[diff]
+always = True
diff --git a/util/secret-service-client.sh b/util/secret-service-client.sh
new file mode 100644
index 0000000..37c9a82
--- /dev/null
+++ b/util/secret-service-client.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+pass=`secret-tool lookup ansible_vault homeservers`
+retval=$?
+
+if [ $retval -ne 0 ]; then
+	echo Provide password:
+	read -s pass
+fi
+echo $pass