diff --git a/Cargo.lock b/Cargo.lock
index 204a8e8..7b82e30 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -106,6 +106,14 @@ dependencies = [
  "untrusted 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
+[[package]]
+name = "envy"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "serde 1.0.100 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "errno"
 version = "0.1.8"
@@ -161,6 +169,7 @@ version = "0.1.0"
 dependencies = [
  "cryptsetup-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "ctap 0.1.0 (git+https://git.shimun.net/shimun/ctap.git?branch=hmac_ext)",
+ "envy 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
  "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "keyutils 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -602,6 +611,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum cloudabi 0.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "ddfc5b9aa5d4507acaf872de71051dfd0e309860e88966e1051e462a077aac4f"
 "checksum cryptsetup-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9da293bc97d0ccf0f53e440537dc2dd945eaa79642997685a1c0664062ef0a29"
 "checksum ctap 0.1.0 (git+https://git.shimun.net/shimun/ctap.git?branch=hmac_ext)" = ""
+"checksum envy 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "261b836bcf13f42a01c70351f56bd7b66db6e6fb58352bd214cb77e9269a34b4"
 "checksum errno 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "1e2b2decb0484e15560df3210cf0d78654bb0864b2c138977c07e377a1bae0e2"
 "checksum errno 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "c2a071601ed01b988f896ab14b95e67335d1eeb50190932a1320f7fe3cadc84e"
 "checksum errno-dragonfly 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "14ca354e36190500e1e1fb267c647932382b54053c50b14970856c0b00a35067"
diff --git a/Cargo.toml b/Cargo.toml
index 13007fe..39f19c2 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,6 +15,7 @@ serde = "1.0.100"
 serde_json = "1.0.40"
 keyutils = "0.2.1"
 rpassword = "4.0.1"
+envy = "0.4.0"
 [profile.release]
diff --git a/src/config.rs b/src/config.rs
index 47c6ebc..729fde1 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -8,9 +8,36 @@ use std::collections::HashMap;
 use std::env;
 use std::fs::File;
 use std::io::Read;
-use std::path::PathBuf;
+use std::path::{PathBuf, Path};
 use std::process::Command;
+
+#[derive(Debug, Deserialize, Serialize)]
+pub struct EnvConfig {
+    credential_id: String,
+    uuid: String,
+    salt: String,
+    mapper_name: String,
+    password_helper: String
+}
+
+impl Into for EnvConfig {
+    fn into(self) -> Config {
+        Config{
+            credential_id: self.credential_id,
+            device: format!("/dev/disk/by-uuid/{}", self.uuid).into(),
+            mapper_name: self.mapper_name,
+            password_helper: PasswordHelper::Script(self.password_helper),
+            input_salt: if PathBuf::from(&self.salt).exists() {
+                InputSalt::File { path: self.salt.into() }
+            } else {
+                InputSalt::AskPassword
+            }
+        }
+    }
+}
+
+
 #[derive(Debug, Deserialize, Serialize)]
 pub struct Config {
     pub credential_id: String,
diff --git a/src/main.rs b/src/main.rs
index 639e117..f805878 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -17,7 +17,7 @@ use luks::device::Error::CryptsetupError;
 use std::collections::HashMap;
 use std::env;
-use std::io::{self, Write};
+use std::io::{self, stdout, Write};
 use std::path::PathBuf;
 use std::process::exit;
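Review bot: `impl Into for EnvConfig` (the type argument appears to have been lost in this rendering, presumably `Into<Config>`) should be written the other way round, `impl From<EnvConfig> for Config` with `fn from(env: EnvConfig) -> Self`, so the blanket impl provides `Into<Config>` for free and call sites can read `Config::from(env_conf)` without needing a type annotation. The `device` field interpolates the `uuid` environment value into `/dev/disk/by-uuid/{}` with no format check, so a value containing `/` or `..` resolves to a path outside that directory; validating that `uuid` consists only of hex digits and dashes before the `format!` keeps the device path where the name promises it is. The `input_salt` arm silently falls back to `InputSalt::AskPassword` whenever the `salt` path does not exist, so a mistyped path quietly changes which salt is used; if that is intended, a comment such as `// A salt value that is not an existing file is treated as a request to prompt for a password` should say so, otherwise it should be an error. `PathBuf::from(&self.salt).exists()` can be `Path::new(&self.salt).exists()`, which avoids the allocation and actually uses the newly imported `Path`. The `Config` struct at the end of the hunk continues outside it.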
@@ -84,26 +84,33 @@ fn open(conf: &Config, secret: &[u8; 32]) -> Fido2LuksResult<()> {
 fn main() -> Fido2LuksResult<()> {
     let args: Vec<_> = env::args().skip(1).collect(); //Ignore program name -> Vec
     let env = env::vars().collect::>();
+    let conf = Config::load_default_location()?;
+    let secret = || -> Fido2LuksResult<[u8; 32]> {
+        let salt = conf.input_salt.obtain(&conf.password_helper)?;
+
+        Ok(assemble_secret(
+            &perform_challenge(&conf.credential_id, &salt)?,
+            &salt,
+        ))
+    };
     if args.is_empty() {
-        let conf = Config::load_default_location()?;
         let salt = conf.input_salt.obtain(&conf.password_helper)?;
         dbg!(hex::encode(&salt));
-        let secret = {
-            let salt = conf.input_salt.obtain(&conf.password_helper)?;
-
-            assemble_secret(&perform_challenge(&conf.credential_id, &salt)?, &salt)
-        };
         if env.contains_key("CRYPTTAB_NAME") {
             //Indicates that this script is being run as keyscript
-            open(&conf, &secret)
+            let mut out = stdout();
+            out.write(&secret()?)?;
+            Ok(out.flush()?)
         } else {
-            io::stdout().write(&secret)?;
+            io::stdout().write(&secret()?)?;
             Ok(io::stdout().flush()?)
         }
     } else {
         match args.first().map(|s| s.as_ref()).unwrap() {
             "addkey" => add_key_to_luks(&Config::load_default_location()?).map(|_| ()),
             "setup" => setup(),
+            "open" if args.get(1).map(|a| &*a == "-e").unwrap_or(false) => open(&envy::prefixed("FIDO2LUKS_").from_env::().expect("Missing env config values").into(), &secret()?),
+            "open" => open(&conf, &secret()?),
             "connected" => match authenticator_connected()? {
                 false => {
                     println!("no");
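Review bot: In the `"open" if … "-e"` arm the secret is still derived from `conf`, the file-loaded config captured by the `secret` closure, so the env-provided `credential_id`, `salt` and `password_helper` never take part in the challenge even though the env config's `device` and `mapper_name` are what gets opened; the closure should take the config as a parameter and the arm should build the env `Config` once and hand it to both calls (sketched below, assuming `EnvConfig` is imported alongside `Config`). That arm also panics through `expect("Missing env config values")` on missing or malformed environment variables, which are user-influenced input, where returning the error through `Fido2LuksResult` would keep the message without the panic. Both stdout branches call `write`, which may write fewer than the 32 secret bytes without reporting an error; `out.write_all(&secret()?)?;` and `io::stdout().write_all(&secret()?)?;` are the right calls, and since the two branches now do the same thing they could be one block instead of one using the new `stdout` import and the other `io::stdout()`. Because `Config::load_default_location()?` now runs before the `match`, `open -e` presumably still fails when the default config file is absent, which seems to undercut configuring through the environment. The no-argument path still obtains the salt once for `dbg!(hex::encode(&salt))` and again inside `secret()`, so with `InputSalt::AskPassword` the prompt appears twice and the first answer is only printed to stderr by `dbg!`; `main`'s body continues outside the hunk.
```rust
    let secret = |conf: &Config| -> Fido2LuksResult<[u8; 32]> {
        let salt = conf.input_salt.obtain(&conf.password_helper)?;

        Ok(assemble_secret(
            &perform_challenge(&conf.credential_id, &salt)?,
            &salt,
        ))
    };
    // … unchanged: keyscript / stdout path, now calling `secret(&conf)?` …
            "open" if args.get(1).map(|a| &*a == "-e").unwrap_or(false) => {
                // Build the config from the environment first so the secret is
                // derived from the same credential_id and salt used to open the device.
                let env_conf: Config = envy::prefixed("FIDO2LUKS_")
                    .from_env::<EnvConfig>()
                    .expect("Missing env config values") // TODO(review): return the error via Fido2LuksResult instead of panicking
                    .into();
                open(&env_conf, &secret(&env_conf)?)
            }
            "open" => open(&conf, &secret(&conf)?),
            // … unchanged: "connected" arm …
```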