diff --git a/bin/git-diff-ansible-vault b/bin/git-diff-ansible-vault
index 378154d..403f5cb 100755
--- a/bin/git-diff-ansible-vault
+++ b/bin/git-diff-ansible-vault
@@ -298,6 +298,14 @@ git_diff_ansible_vault() {
   done
 }
 
+#
+# Read environment variables.
+#
+
+if [ -f "$ANSIBLE_VAULT_PASSWORD_FILE" ]; then
+  VAULT_PASSWORD_FILE="$ANSIBLE_VAULT_PASSWORD_FILE"
+fi
+
 #
 # parse argv
 #
diff --git a/test/git-diff-ansible-vault.bats b/test/git-diff-ansible-vault.bats
index 81391c3..0aa5f53 100644
--- a/test/git-diff-ansible-vault.bats
+++ b/test/git-diff-ansible-vault.bats
@@ -131,6 +131,14 @@ EOF
   assert_failure "[ERROR] Not a git repository"
 }
 
+@test "Setting vault password file via environment variable unlocks vault" {
+  ANSIBLE_VAULT_PASSWORD_FILE=.alternate-vault-pass run git diff-ansible-vault --verbose
+  assert_success
+  assert_line "[INFO] VAULT_PASSWORD_FILE: .alternate-vault-pass"
+  assert_line "diff --git a/vault.yml b/vault.yml"
+  assert_line "+    - bash"
+}
+
 @test "--vault-password-file with specified path unlocks vault" {
   run git diff-ansible-vault --vault-password-file .alternate-vault-pass --verbose
   assert_success