diff --git a/README.md b/README.md
index d16a272..f942263 100644
--- a/README.md
+++ b/README.md
@@ -15,15 +15,6 @@ My current setup is [Linux Mint Vera](https://linuxmint.com/edition.php?id=302)
 - i3 app shortcuts
 - firefox config? extensions? host own synchronizer?
 
-Would like Ansible Vault to check in keypair for syncthing.
-However, then I would need a password to unlock the vault.
-As it is publicly available, password needs to be long and strong.
-I can just put it in my keepass, but can be annoying to copy every time.
-Therefore, I could make this available using Secret Service and write a script to fetch it.
-However, keepass cannot run secret service as Ubuntu already runs one.
-But if I disable that, my SSH agent does not work anymore.
-As an intermediate solution, I can just put the password in keepass...
-
 #### Neovim
 
 - More cool plugins :)
diff --git a/ansible.cfg b/ansible.cfg
index 9166e14..c694fe3 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,8 +1,8 @@
 [defaults]
 roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
 inventory=inventory
-vault_password_file=./.vault_password
 playbook_dir=playbooks
+vault_password_file=util/secret-service-client.sh
 
 [privilege_escalation]
 become_ask_pass=true
diff --git a/roles/keepassxc/tasks/main.yml b/roles/keepassxc/tasks/main.yml
index 6ef3c40..c92e15c 100644
--- a/roles/keepassxc/tasks/main.yml
+++ b/roles/keepassxc/tasks/main.yml
@@ -1,7 +1,13 @@
+- name: Uninstall gnome-keyring
+  apt:
+    name: gnome-keyring
+    state: absent
 - name: Install Keepassxc
   become: true
   apt:
-    name: keepassxc
+    pkg:
+    - keepassxc
+    - libsecret-tools
 - name: Create keepassxc config directory
   file:
     path: ~/.config/keepassxc
@@ -21,3 +27,4 @@
     section: SSHAgent
     option: AuthSockOverride
     value: "{{ ssh_agent_socket }}"
+    no_extra_spaces: true
diff --git a/roles/system/tasks/main.yml b/roles/system/tasks/main.yml
index f400174..e92dd42 100644
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@@ -14,6 +14,7 @@
       - tree
       - wireshark
       - units
+      - unrar
 - name: Install .gitconfig
   template:
     src: "{{ role_path }}/templates/.gitconfig.j2"
diff --git a/util/secret-service-client.sh b/util/secret-service-client.sh
new file mode 100755
index 0000000..2f85d45
--- /dev/null
+++ b/util/secret-service-client.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+secret-tool lookup ansible_vault homeservers