diff --git a/.gitignore b/.gitignore
index 35879b8..fd6a1b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
 /backups/*
 !/backups/.keep
 /playbooks/**/*.retry
+/secrets/*
+!/secrets/.keep
 /vendor/*
 !/vendor/.keep
diff --git a/ansible.cfg b/ansible.cfg
index b881f87..77af9fc 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,4 @@
 [defaults]
-ask_vault_pass = true
 inventory = hosts
 strategy = mitogen_linear
 strategy_plugins = vendor/mitogen-0.2.8/ansible_mitogen/plugins/strategy
diff --git a/bin/ansible b/bin/ansible
new file mode 100755
index 0000000..97f3ed4
--- /dev/null
+++ b/bin/ansible
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+FILE=$(readlink -f "$0")
+DIR=$(dirname "$FILE")
+
+. "$DIR/extra_opts.sh"
+
+exec ansible "$@" $extra_opts
diff --git a/bin/ansible-playbook b/bin/ansible-playbook
new file mode 100755
index 0000000..933a0a1
--- /dev/null
+++ b/bin/ansible-playbook
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+FILE=$(readlink -f "$0")
+DIR=$(dirname "$FILE")
+
+. "$DIR/extra_opts.sh"
+
+exec ansible-playbook "$@" $extra_opts
diff --git a/bin/extra_opts.sh b/bin/extra_opts.sh
new file mode 100644
index 0000000..906c557
--- /dev/null
+++ b/bin/extra_opts.sh
@@ -0,0 +1,12 @@
+for vault_id in default kotovalexarian
+do
+  if [ -f "secrets/$vault_id" ]; then
+    if [ -z "$extra_opts" ]; then
+      extra_opts="--vault-id"
+    else
+      extra_opts="$extra_opts --vault-id"
+    fi
+
+    extra_opts="$extra_opts $vault_id@secrets/$vault_id"
+  fi
+done
diff --git a/secrets/.keep b/secrets/.keep
new file mode 100644
index 0000000..e69de29