diff --git a/cmd/helm/helm.go b/cmd/helm/helm.go
index 02a1e6edb..ffc2c1ba2 100644
--- a/cmd/helm/helm.go
+++ b/cmd/helm/helm.go
@@ -61,16 +61,19 @@ Common actions from this point include: - helm list: list releases of charts Environment: - $HELM_HOME set an alternative location for Helm files. By default, these are stored in ~/.helm - $HELM_HOST set an alternative Tiller host. The format is host:port - $HELM_NO_PLUGINS disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. - $TILLER_NAMESPACE set an alternative Tiller namespace (default "kube-system") - $KUBECONFIG set an alternative Kubernetes configuration file (default "~/.kube/config") - $HELM_TLS_CA_CERT path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem") - $HELM_TLS_CERT path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem") - $HELM_TLS_KEY path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem") - $HELM_TLS_VERIFY enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false") - $HELM_TLS_ENABLE enable TLS connection between Helm and Tiller (default "false") + $HELM_HOME set an alternative location for Helm files. By default, these are stored in ~/.helm + $HELM_HOST set an alternative Tiller host. The format is host:port + $HELM_NO_PLUGINS disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. 
+ $TILLER_NAMESPACE set an alternative Tiller namespace (default "kube-system") + $KUBECONFIG set an alternative Kubernetes configuration file (default "~/.kube/config") + $HELM_TLS_CA_CERT path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem") + $HELM_TLS_CERT path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem") + $HELM_TLS_KEY path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem") + $HELM_TLS_VERIFY enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false") + $HELM_TLS_ENABLE enable TLS connection between Helm and Tiller (default "false") + $HELM_KEY_PASSPHRASE set HELM_KEY_PASSPHRASE to the passphrase of your PGP private key. If set, you will not be prompted for + the passphrase while signing helm charts + ` func newRootCmd(args []string) *cobra.Command { diff --git a/cmd/helm/package.go b/cmd/helm/package.go index 51686dba7..05fdf02f8 100644 --- a/cmd/helm/package.go +++ b/cmd/helm/package.go @@ -215,7 +215,7 @@ func (p *packageCmd) clearsign(filename string) error { return err } - if err := signer.DecryptKey(promptUser); err != nil { + if err := signer.DecryptKey(passphraseFetcher); err != nil { return err } @@ -229,8 +229,13 @@ func (p *packageCmd) clearsign(filename string) error { return ioutil.WriteFile(filename+".prov", []byte(sig), 0755) } -// promptUser implements provenance.PassphraseFetcher -func promptUser(name string) ([]byte, error) { +// passphraseFetcher implements provenance.PassphraseFetcher +func passphraseFetcher(name string) ([]byte, error) { + var passphrase = settings.HelmKeyPassphrase() + if passphrase != "" { + return []byte(passphrase), nil + } + fmt.Printf("Password for key %q > ", name) pw, err := terminal.ReadPassword(int(syscall.Stdin)) fmt.Println() diff --git a/docs/helm/helm.md b/docs/helm/helm.md index 136721c36..177be7e88 100644 
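Review bot: In `passphraseFetcher` (cmd/helm/package.go), the PGP key passphrase read from `HELM_KEY_PASSPHRASE` stays in the process environment for the rest of the run, so anything helm starts afterwards with an inherited environment would presumably receive it too. If the fetcher is only called once per signing operation, consider clearing the variable once it has been read, e.g. `os.Unsetenv("HELM_KEY_PASSPHRASE")` just before `return []byte(passphrase), nil`, or offering a file-based source as an alternative to the environment. An empty value is treated as unset and falls through to `terminal.ReadPassword`, which is likely to fail when stdin is not a terminal, so the doc comment should state the precedence: `// passphraseFetcher implements provenance.PassphraseFetcher: it returns $HELM_KEY_PASSPHRASE when set and non-empty, otherwise it prompts on the terminal.` The function body continues past the end of the hunk.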
--- a/docs/helm/helm.md
+++ b/docs/helm/helm.md
@@ -21,16 +21,19 @@ Common actions from this point include: - helm list: list releases of charts Environment: - $HELM_HOME set an alternative location for Helm files. By default, these are stored in ~/.helm - $HELM_HOST set an alternative Tiller host. The format is host:port - $HELM_NO_PLUGINS disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. - $TILLER_NAMESPACE set an alternative Tiller namespace (default "kube-system") - $KUBECONFIG set an alternative Kubernetes configuration file (default "~/.kube/config") - $HELM_TLS_CA_CERT path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem") - $HELM_TLS_CERT path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem") - $HELM_TLS_KEY path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem") - $HELM_TLS_VERIFY enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false") - $HELM_TLS_ENABLE enable TLS connection between Helm and Tiller (default "false") + $HELM_HOME set an alternative location for Helm files. By default, these are stored in ~/.helm + $HELM_HOST set an alternative Tiller host. The format is host:port + $HELM_NO_PLUGINS disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. 
+ $TILLER_NAMESPACE set an alternative Tiller namespace (default "kube-system") + $KUBECONFIG set an alternative Kubernetes configuration file (default "~/.kube/config") + $HELM_TLS_CA_CERT path to TLS CA certificate used to verify the Helm client and Tiller server certificates (default "$HELM_HOME/ca.pem") + $HELM_TLS_CERT path to TLS client certificate file for authenticating to Tiller (default "$HELM_HOME/cert.pem") + $HELM_TLS_KEY path to TLS client key file for authenticating to Tiller (default "$HELM_HOME/key.pem") + $HELM_TLS_VERIFY enable TLS connection between Helm and Tiller and verify Tiller server certificate (default "false") + $HELM_TLS_ENABLE enable TLS connection between Helm and Tiller (default "false") + $HELM_KEY_PASSPHRASE set HELM_KEY_PASSPHRASE to the passphrase of your PGP private key. If set, you will not be prompted for + the passphrase while signing helm charts + ### Options @@ -75,4 +78,4 @@ Environment: * [helm verify](helm_verify.md) - verify that a chart at the given path has been signed and is valid * [helm version](helm_version.md) - print the client/server version information -###### Auto generated by spf13/cobra on 4-Sep-2018 +###### Auto generated by spf13/cobra on 16-Oct-2018 diff --git a/docs/provenance.md b/docs/provenance.md index d8f9e4089..3a19fcd07 100644 --- a/docs/provenance.md +++ b/docs/provenance.md @@ -26,7 +26,9 @@ Prerequisites: - Keybase command line tools (optional) **NOTE:** If your PGP private key has a passphrase, you will be prompted to enter -that passphrase for any commands that support the `--sign` option. +that passphrase for any commands that support the `--sign` option. You can set the +HELM_KEY_PASSPHRASE environment variable to that passphrase in case you don't want +to be prompted to enter the passphrase. **NOTE:** The keyfile format for GnuPG changed in version 2.1. Prior to that release it was unnecessary to export keys out of GnuPG, and you could instead point Helm 
diff --git a/pkg/helm/environment/environment.go b/pkg/helm/environment/environment.go index 76348c3bd..6d40fb846 100644 --- a/pkg/helm/environment/environment.go +++ b/pkg/helm/environment/environment.go @@ -138,6 +138,14 @@ func (s EnvSettings) PluginDirs() string { return s.Home.Plugins() } +// HelmKeyPassphrase is the passphrase used to sign a helm chart. +func (s EnvSettings) HelmKeyPassphrase() string { + if d, ok := os.LookupEnv("HELM_KEY_PASSPHRASE"); ok { + return d + } + return "" +} + // setFlagFromEnv looks up and sets a flag if the corresponding environment variable changed. // if the flag with the corresponding name was set during fs.Parse(), then the environment // variable is ignored.
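Review bot: `HelmKeyPassphrase` can be reduced to `return os.Getenv("HELM_KEY_PASSPHRASE")`, since the `LookupEnv` branch returns `""` for an unset variable anyway and the `ok` result is not used for anything else. The method also never touches its receiver `s`, unlike `PluginDirs` in the context above, so the value is re-read from the environment on every call rather than captured in the settings; if that is intentional, say so in the comment. The current comment describes the value as the passphrase "used to sign a helm chart", whereas it unlocks the PGP private key; something like `// HelmKeyPassphrase returns $HELM_KEY_PASSPHRASE, the passphrase for the PGP signing key, or "" when it is unset.` would be more precise. Because this is a secret, callers should avoid logging or printing the returned string.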