diff --git a/README.md b/README.md
index 32e786ebec13d517f095046777f67bccedf5b40c..cd2d78ab866588a6e3d1ff93195b3ce1fb48d70c 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ run the provisioning script: `ansible-playbook playbooks/tasks/install-arch.yml
 The provisioning script configures a sane basic systemd with sshd. By design, it is NOT idempotent.
 After the provisioning script has run, it is safe to reboot.
 
-Once in the new system, run the regular playbook: `ansible-playbook playbooks/$hostname.yml`. This
-playbook is the one regularity used for administrating the server and is entirely idempotent.
+Once in the new system, run the regular playbook: `HCLOUD_TOKEN=$(misc/get_hcloud_api_key_ansible.sh) ansible-playbook playbooks/$hostname.yml`.
+This playbook is the one regularity used for administrating the server and is entirely idempotent.
 
 ##### Note about first time certificates
 
@@ -29,7 +29,7 @@ Note that some roles already run this automatically.
 We use packer to build snapshots on hcloud to use as server base images.
 In order to use this, you need to install packer and then run
 
-	packer build -var $(./packer/get_hetzner_cloud_api_key.sh) packer/archlinux.json
+	packer build -var $(./misc/get_hcloud_api_key_packer.sh) packer/archlinux.json
 
 This will take some time after which a new snapshot will have been created on the primary hcloud archlinux project.
 
@@ -38,12 +38,12 @@ This will take some time after which a new snapshot will have been created on th
 We use terraform to provision a part of the infrastructure on hcloud.
 In order to use this, you need to install terraform and then run
 
-    terraform plan -var $(./packer/get_hetzner_cloud_api_key.sh) terraform
+    terraform plan -var $(./misc/get_hcloud_api_key_packer.sh) terraform
 
 This will show you planned changes between the current infrastructure and the desired infrastructure.
 You can then run
 
-    terraform apply -var $(./packer/get_hetzner_cloud_api_key.sh) terraform
+    terraform apply -var $(./packer/get_hcloud_api_key_packer.sh) terraform
 
 to actually apply your changes.
 
diff --git a/ansible.cfg b/ansible.cfg
index 0509dd0e233d454e4f08fe2a12113c549d56cc2f..87a4e9c6bf9b781c804a89f12a5f357737511574 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
-inventory = hosts,hcloud.yml
+inventory = hosts,inventory_hcloud.yml
 library = library
 remote_tmp = $HOME/.ansible/tmp
 remote_user = root
diff --git a/hcloud.yml b/inventory_hcloud.yml
similarity index 100%
rename from hcloud.yml
rename to inventory_hcloud.yml
diff --git a/misc/get_hcloud_api_key_ansible.sh b/misc/get_hcloud_api_key_ansible.sh
new file mode 100755
index 0000000000000000000000000000000000000000..4407ffdffcabef2ff3a394cb3d82cc15d5107ca8
--- /dev/null
+++ b/misc/get_hcloud_api_key_ansible.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+ansible-vault view misc/hetzner-password.vault | grep hetzner_cloud_api_key | cut -f2 -d' '
diff --git a/packer/get_hetzner_cloud_api_key.sh b/misc/get_hcloud_api_key_packer.sh
similarity index 100%
rename from packer/get_hetzner_cloud_api_key.sh
rename to misc/get_hcloud_api_key_packer.sh