Add installer env configuration

scripts/install-vault-pass.sh

@@ -5,6 +5,23 @@ REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 DEST="${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}"
 ARCHIVE="${1:-$REPO_DIR/secrets/vault-pass.txt.zip}"
 VAULT_FILE="${VAULT_FILE:-$REPO_DIR/secrets/vault.yml}"
+ENV_FILE="${INSTALL_ENV_FILE:-$REPO_DIR/install.env}"
+
+load_env_file() {
+  if [ -f "$ENV_FILE" ]; then
+    set -a
+    # shellcheck disable=SC1090
+    . "$ENV_FILE"
+    set +a
+  fi
+}
+
+load_env_file
+
+# Re-apply env-configurable paths after loading install.env.
+DEST="${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}"
+ARCHIVE="${VAULT_PASS_ARCHIVE:-${1:-$REPO_DIR/secrets/vault-pass.txt.zip}}"
+VAULT_FILE="${VAULT_FILE:-$REPO_DIR/secrets/vault.yml}"
 # Optional non-interactive controls:
 #   INSTALL_VAULT_PASS_METHOD=create|manual|url|archive
 #   VAULT_PASS_CONTENT=<content>          (for method=manual)
@@ -16,6 +33,11 @@ usage() {
   cat <<USAGE
 Usage: scripts/install-vault-pass.sh [archive.zip]
 
+Loads installer env from:
+  ${INSTALL_ENV_FILE:-$REPO_DIR/install.env}
+Override with:
+  INSTALL_ENV_FILE=/path/to/install.env ./scripts/install-vault-pass.sh
+
 Installs the Ansible Vault password file to:
   ${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}
 
@@ -27,7 +49,7 @@ Interactive behavior:
      [3] Download vault-pass.txt from a user-provided URL
      [4] Extract vault-pass.txt from a password-protected zip archive
 
-Non-interactive agent mode:
+Non-interactive agent mode (via install.env or environment variables):
   INSTALL_VAULT_PASS_METHOD=create ./scripts/install-vault-pass.sh
   VAULT_PASS_CONTENT='...' INSTALL_VAULT_PASS_METHOD=manual ./scripts/install-vault-pass.sh
   VAULT_PASS_URL='https://...' INSTALL_VAULT_PASS_METHOD=url ./scripts/install-vault-pass.sh