diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index 5732c217aa..f2a7d25edb 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -578,8 +578,8 @@ disk images with `--image=` or similar:
   environment variable to the build directory and you are set. This variable
   is only supported when systemd is compiled in developer mode.
 
-Various tools that read passwords from the TTY, such as `systemd-cryptenroll`
-and `homectl`:
+Various tools that read passwords from the TTY, such as `systemd-cryptenroll`,
+`systemd-dissect` and `homectl`:
 
 * `$PASSWORD` — takes a string: the literal password to use. If this
   environment variable is set it is used as password instead of prompting the
diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c
index 1a8fa52fce..d244822c13 100644
--- a/src/dissect/dissect.c
+++ b/src/dissect/dissect.c
@@ -2152,8 +2152,15 @@ static int run(int argc, char *argv[]) {
                                         return log_error_errno(r, "Failed to guess verity root hash: %m");
 
                                 if (arg_action != ACTION_DISSECT) {
+                                        _cleanup_(erase_and_freep) char *envpw = NULL;
+
+                                        r = getenv_steal_erase("PASSWORD", &envpw);
+                                        if (r < 0)
+                                                return log_error_errno(r, "Failed to acquire password from environment: %m");
+
                                         r = dissected_image_decrypt_interactively(
-                                                        m, NULL,
+                                                        m,
+                                                        envpw,
                                                         &arg_verity_settings,
                                                         arg_image_policy,
                                                         arg_flags);