diff --git a/package-lock.json b/package-lock.json
index bb40ab0..3dded99 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "azure-acme-provisioner",
-  "version": "0.4.1",
+  "version": "0.4.2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "azure-acme-provisioner",
-      "version": "0.4.1",
+      "version": "0.4.2",
       "license": "MIT",
       "dependencies": {
         "@azure/arm-authorization": "^9.0.0",
diff --git a/package.json b/package.json
index b4d15a5..22bbeaf 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "azure-acme-provisioner",
-  "version": "0.4.1",
+  "version": "0.4.2",
   "author": {
     "name": "Sławomir Koszewski",
     "url": "https://github.com/skoszewski"
diff --git a/src/cli.ts b/src/cli.ts
index 938997b..db6e125 100644
--- a/src/cli.ts
+++ b/src/cli.ts
@@ -34,11 +34,14 @@ function applyOverrides(options: Record<string, unknown>): void {
   if (options['renewalThreshold']) process.env['ACME_RENEWAL_THRESHOLD_DAYS'] = String(options['renewalThreshold']);
   if (options['logLevel']) process.env['ACME_LOG_LEVEL'] = String(options['logLevel']);
   if (options['http']) process.env['ACME_HTTP_PORT'] = String(options['http']);
+  if (options['keyvaultName'] && !options['keyvaultUrl'])
+    process.env['ACME_KEYVAULT_URL'] = `https://${options['keyvaultName']}.vault.azure.net`;
 }
 
 const sharedOptions = (cmd: Command): Command =>
   cmd
-    .option('--keyvault-url <url>', 'Azure KeyVault URL')
+    .option('--keyvault-name <name>', 'Azure KeyVault name (constructs https://<name>.vault.azure.net)')
+    .option('--keyvault-url <url>', 'Azure KeyVault URL (overrides --keyvault-name; use for sovereign clouds)')
     .option('--keyvault-resource-group <rg>', 'Resource group containing the Key Vault')
     .option('--subscription-id <id>', 'Azure subscription ID')
     .option('--resource-group <rg>', 'Resource group to scan (repeatable)', collect, [])
diff --git a/src/lib/config.ts b/src/lib/config.ts
index 0bf30df..daee2df 100644
--- a/src/lib/config.ts
+++ b/src/lib/config.ts
@@ -48,7 +48,10 @@ export function loadConfig(): Config {
   }
 
   return {
-    keyVaultUrl: process.env['ACME_KEYVAULT_URL'],
+    keyVaultUrl: process.env['ACME_KEYVAULT_URL'] ??
+      (process.env['ACME_KEYVAULT_NAME']
+        ? `https://${process.env['ACME_KEYVAULT_NAME']}.vault.azure.net`
+        : undefined),
     acmeDirectoryUrl: optionalEnv(
       'ACME_DIRECTORY_URL',
       'https://acme-v02.api.letsencrypt.org/directory'