diff --git a/docker/kayobe/Dockerfile b/docker/kayobe/Dockerfile
index d44446c..b1dc4eb 100644
--- a/docker/kayobe/Dockerfile
+++ b/docker/kayobe/Dockerfile
@@ -78,11 +78,12 @@ RUN chmod 600 /stack/.ssh/config
 # Copy custom binaries into image. The wildcard worksaround the check on the parent directory existing.
 COPY .automation/utils/kayobe-automation-activate .automation.conf/docker*/kayobe/bin/* /usr/local/bin/
 
+ARG KAYOBE_VAULT_PASSWORD
+
 # Control host bootsrap without leaving kayobe-config in the image
 RUN --mount=type=ssh,uid=1000 --mount=type=tmpfs,target=/tmp/src --mount=type=bind,source=.,target=/src sudo cp -rfp /src /tmp/ && \
   sudo chown -Rf stack:stack /tmp/src && \
   # Strip the secrets so that we don't need to pass in a vault-password
-  grep -lR "\$ANSIBLE_VAULT" /tmp/src | xargs rm -f && \
   bash /tmp/src/.automation/utils/kayobe-automation-install && \
   (rm -f /stack/.ssh/{id_rsa,id_rsa.pub} || true) && \
   (mkdir /stack/.ansible || true) && \