diff --git a/src/main.rs b/src/main.rs
index 4f6691e..9641438 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,4 +1,5 @@
 use std::collections::HashMap;
+use std::env::VarError::{NotPresent, NotUnicode};
 use std::ffi::OsString;
 use std::fs::read_dir;
 use std::io::{BufRead, BufReader, Write};
@@ -7,6 +8,7 @@ use std::path::PathBuf;
 use anyhow::{bail, Context, Error};
 use chrono::NaiveDateTime;
 use env_logger::Target;
+use pbs_client::tools::get_secret_from_env;
 use proxmox_sys::linux::tty;
 use proxmox_time::epoch_i64;
 use regex::Regex;
@@ -27,7 +29,7 @@ Arguments:
 
 Options:
       --repository <auth_id@host:port:datastore>
-          Repository URL
+          Repository URL [env: PBS_REPOSITORY]
       [--ns <NAMESPACE>]
           Namespace
       [--vmid <VMID>]
@@ -38,7 +40,7 @@ Options:
       [--backup-time <EPOCH>]
           Backup timestamp
       --fingerprint <FINGERPRINT>
-          Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT=]
+          Proxmox Backup Server Fingerprint [env: PBS_FINGERPRINT]
       --keyfile <KEYFILE>
           Key file
       --master-keyfile <MASTER_KEYFILE>
@@ -48,9 +50,10 @@ Options:
   -e, --encrypt
           Encrypt the Backup
       --password-file <PASSWORD_FILE>
-          Password file
+          Password file [env: PBS_PASSWORD, PBS_PASSWORD_FD, PBS_PASSWORD_FILE, PBS_PASSWORD_CMD]
       --key-password-file <KEY_PASSWORD_FILE>
-          Key password file
+          Key password file [env: PBS_ENCRYPTION_PASSWORD, PBS_ENCRYPTION_PASSWORD_FD,
+                             PBS_ENCRYPTION_PASSWORD_FILE, PBS_ENCRYPTION_PASSWORD_CMD]
       [--notes-file <NOTES_FILE>]
           File containing a comment/notes
       [--log-file <LOG_FILE>]
@@ -120,7 +123,7 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
         std::process::exit(0);
     }
 
-    let pbs_repository = args.value_from_str("--repository")?;
+    let pbs_repository = args.opt_value_from_str("--repository")?;
     let namespace = args.opt_value_from_str("--ns")?;
     let vmid: Option<String> = args.opt_value_from_str("--vmid")?;
     let backup_time: Option<i64> = args.opt_value_from_str("--backup-time")?;
@@ -149,10 +152,22 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
         bail!("unexpected extra arguments, use '-h' for usage");
     }
 
+    let pbs_repository = match pbs_repository {
+        Some(v) => v,
+        None => match std::env::var("PBS_REPOSITORY") {
+            Ok(v) => v,
+            Err(NotPresent) => bail!("Repository not set. Use $PBS_REPOSITORY or --repository"),
+            Err(NotUnicode(_)) => bail!("$PBS_REPOSITORY contains invalid unicode"),
+        },
+    };
+
     let fingerprint = match fingerprint {
         Some(v) => v,
-        None => std::env::var("PBS_FINGERPRINT")
-            .context("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint")?,
+        None => match std::env::var("PBS_FINGERPRINT") {
+            Ok(v) => v,
+            Err(NotPresent) => bail!("Fingerprint not set. Use $PBS_FINGERPRINT or --fingerprint"),
+            Err(NotUnicode(_)) => bail!("$PBS_FINGERPRINT contains invalid unicode"),
+        },
     };
 
     if forwarded_args.len() > 1 {
@@ -161,30 +176,27 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
 
     let vma_file_path = forwarded_args.first();
 
-    let pbs_password = match password_file {
-        Some(password_file) => {
-            let mut password =
-                std::fs::read_to_string(password_file).context("Could not read password file")?;
+    let pbs_password = if let Some(password_file) = password_file {
+        let mut password =
+            std::fs::read_to_string(password_file).context("Could not read password file")?;
 
-            if password.ends_with('\n') || password.ends_with('\r') {
+        if password.ends_with('\n') || password.ends_with('\r') {
+            password.pop();
+            if password.ends_with('\r') {
                 password.pop();
-                if password.ends_with('\r') {
-                    password.pop();
-                }
             }
-
-            password
         }
-        None => {
-            if vma_file_path.is_none() {
-                bail!(
-                    "Please use --password-file to provide the password \
-                    when passing the VMA file to stdin"
-                );
-            }
 
-            String::from_utf8(tty::read_password("Password: ")?)?
-        }
+        password
+    } else if let Some(password) = get_secret_from_env("PBS_PASSWORD")? {
+        password
+    } else if vma_file_path.is_none() {
+        bail!(
+            "Please use --password-file, $PBS_PASSWORD, $PBS_PASSWORD_FD, $PBS_PASSWORD_FILE, \
+            or $PBS_PASSWORD_CMD to provide the password when passing the VMA file to stdin"
+        );
+    } else {
+        String::from_utf8(tty::read_password("Password: ")?)?
     };
 
     let key_password = if keyfile.is_some() {
@@ -199,6 +211,8 @@ fn parse_args() -> Result<BackupVmaToPbsArgs, Error> {
                 }
             }
 
+            Some(key_password)
+        } else if let Some(key_password) = get_secret_from_env("PBS_ENCRYPTION_PASSWORD")? {
             Some(key_password)
         } else if vma_file_path.is_none() {
             log::info!(