diff --git a/.bin/ansible_aliases b/.bin/ansible_aliases
new file mode 100755
index 0000000..e324e47
--- /dev/null
+++ b/.bin/ansible_aliases
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -euo pipefail
+
+alias ansible-galaxy="/usr/bin/ansible-galaxy"
+alias ansible-vault="/usr/bin/ansible-vault"
+alias ansible-playbook="/usr/bin/ansible-playbook"
diff --git a/.bin/skansible.sh b/.bin/skansible.sh
new file mode 100755
index 0000000..92f1f4d
--- /dev/null
+++ b/.bin/skansible.sh
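Review bot: These aliases will not take effect where they are consumed: skansible.sh sources this file from a non-interactive script, and bash does not expand aliases in scripts unless `shopt -s expand_aliases` is set, so the `gxy`/`vult`/`play` wrappers still resolve `ansible-*` through PATH rather than the pinned `/usr/bin` binaries. If the goal is to pin the interpreter location against PATH hijacking, define functions instead, e.g. `ansible-galaxy() { /usr/bin/ansible-galaxy "$@"; }`, or invoke the absolute paths from skansible.sh directly. `set -euo pipefail` in a file that is only ever sourced also rewrites the caller's shell options; it is redundant here because skansible.sh already sets them, and is better dropped from a sourced snippet.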
@@ -0,0 +1,181 @@
+#!/bin/bash
+set -euo pipefail
+
+SKATO_ANSIBLE_ROOT=$(dirname "$0")
+SKATO_ANSIBLE_ROOT=$(dirname "$SKATO_ANSIBLE_ROOT")
+export SKATO_ANSIBLE_ROOT
+printf "root=%s\n" "$SKATO_ANSIBLE_ROOT" > "./config" # INI format
+export SKATO_BOOTSTRAP_ROLE="${SKATO_ANSIBLE_ROOT}/roles/bootstrap"
+export SKANSIBLE_SECRETS="${SKATO_ANSIBLE_ROOT}/.secrets"
+
+if [[ -f "./ansible_aliases" ]]; then
+ source ./ansible_aliases
+fi
+
+# Relative directory paths for role templates/files
+export SKANSIBLE_ARIA="aria2"
+export SKANSIBLE_PROFTPD="proftpd"
+export SKANSIBLE_PROFTPD_CONFS="${SKANSIBLE_PROFTPD}/conf.d"
+# @NOTE below 4 filepaths have filenames that must correspond to
+# the filenames in role ProFTPd templates'/files' Display settings
+export SKANSIBLE_PROFTPD_CONFS_WELCOME="${SKANSIBLE_PROFTPD}/conf.d/WELCOME.txt"
+export SKANSIBLE_PROFTPD_CONFS_BANNER="${SKANSIBLE_PROFTPD}/conf.d/BANNER.txt"
+export SKANSIBLE_PROFTPD_CONFS_SUCCESS="${SKANSIBLE_PROFTPD}/conf.d/SUCCESS.txt"
+export SKANSIBLE_PROFTPD_CONFS_EXIT="${SKANSIBLE_PROFTPD}/conf.d/BYE.txt"
+export SKANSIBLE_SSHD_CONFS="sshd_config.d"
+export SKANSIBLE_SYSTEMD="systemd"
+export SKANSIBLE_SYSTEMD_USER_UNITS="${SKANSIBLE_SYSTEMD}/user"
+export SKANSIBLE_FAIL2BAN="fail2ban"
+export SKANSIBLE_FAIL2BAN_JAILS="${SKANSIBLE_FAIL2BAN}/jail.d"
+export SKANSIBLE_FAIL2BAN_FILTERS="${SKANSIBLE_FAIL2BAN}/filter.d"
+export SKANSIBLE_GITCONFIG_CONFS="gitconfig.d"
+# @NOTE files in here must have extension "key" with IDs in
+# "gpg_keys" inventory variable list as basenames.
+export SKANSIBLE_GPG="gnupg"
+# @NOTE files in path below must have extensions "key" (private),
+# "crt" (signed), or "pem" (public) with inventory host FQDN as basename
+export SKANSIBLE_SSL="ca-certificates"
+
+set-root () {
+ if [[ $# -eq 0 ]]; then
+ SKATO_ANSIBLE_ROOT=$(awk -F "=" '/root/ {print $2}' "./config")
+ export SKATO_ANSIBLE_ROOT
+ elif [[ -z "$1" ]]; then
+ SKATO_ANSIBLE_ROOT="$1"
+ export SKATO_ANSIBLE_ROOT
+ sed -i 's|^(root=).*||g' "./config"
+ sed -i "1 i\root=${SKATO_ANSIBLE_ROOT}" "./config"
+ fi
+}
+
+gxy () {
+ ansible-galaxy "$@"
+}
+
+vult () {
+ ansible-vault "$@"
+}
+
+play () {
+ ansible-playbook "$@"
+}
+
+import-gpg () {
+ for id in "$@";
+ do
+ gpg --export-secret-keys "$id" > "${SKATO_BOOTSTRAP_ROLE}/files/${SKANSIBLE_GPG}/${id}.key"
+ done
+}
+
+import-ssl () {
+ for domain in "$@";
+ do
+ cp "/usr/local/share/ca-certificates/${domain}.key" "${SKATO_BOOTSTRAP_ROLE}/files/${SKANSIBLE_SSL}/${domain}.key"
+ cp "/usr/local/share/ca-certificates/${domain}.pem" "${SKATO_BOOTSTRAP_ROLE}/files/${SKANSIBLE_SSL}/${domain}.pem"
+ cp "/usr/local/share/ca-certificates/${domain}.crt" "${SKATO_BOOTSTRAP_ROLE}/files/${SKANSIBLE_SSL}/${domain}.crt"
+ done
+}
+
+import () {
+ case "$1" in
+ ssl) shift; import-ssl "$@";;
+ gpg) shift; import-gpg "$@";;
+ *) exit 1;;
+ esac
+}
+
+mksecret () {
+ true
+}
+
+decrypt () {
+ while getopts "mv:i:d:" flag; do
+ case "$flag" in
+ m) METHOD=$OPTARG;;
+ v) VAULT_ID=$OPTARG;;
+ i) INPUT_FILE=$OPTARG;;
+ d) OUTPUT_PATH=$OPTARG;;
+ *) exit 1;;
+ esac
+ done
+
+ if ! [[ "$VAULT_ID" == *"@"* ]]; then
+ ID_TAG="$VAULT_ID"
+
+ if [[ "$METHOD" == "prompt" ]]; then
+ VAULT_ID="${VAULT_ID}@prompt"
+ elif [[ "$METHOD" == "file" ]]; then
+ if [[ -z "$INPUT_FILE" ]]; then
+ exit 1
+ else
+ VAULT_ID="${VAULT_ID}@${INPUT_FILE}"
+ fi
+ else
+ exit 1
+ fi
+ fi
+
+ if [[ -z "$OUTPUT_PATH" ]]; then
+ OUTPUT_FILE="${SKANSIBLE_SECRETS}/${ID_TAG}.txt"
+ else
+ mkdir -p "${SKANSIBLE_SECRETS}/${OUTPUT_PATH}"
+ OUTPUT_FILE="${SKANSIBLE_SECRETS}/${OUTPUT_PATH}/${ID_TAG}.txt"
+ fi
+
+ ansible-vault decrypt --vault-id "$VAULT_ID" --output "$OUTPUT_FILE" "$INPUT_FILE"
+}
+
+encrypt () {
+ while getopts "mv:d:pn:" flag; do
+ case "$flag" in
+ m) METHOD="$OPTARG";;
+ v) VAULT_ID="$OPTARG";;
+ d) PASS_PATH="$OPTARG";;
+ p) read -rp "Provide intended password: " PASSWORD;;
+ n) VAR_NAME="$OPTARG";;
+ *) exit 1;;
+ esac
+ done
+
+ while [[ -z "$PASSWORD" ]]; do
+ printf "Password missing. \nPlease specify a password. \n"
+ read -rp "Provide intended password: " PASSWORD
+ done
+
+ if ! [[ "$VAULT_ID" == *"@"* ]]; then
+ ID_TAG="${VAULT_ID}"
+
+ if [[ "$METHOD" == "prompt" ]]; then
+ VAULT_ID="${VAULT_ID}@prompt"
+ elif [[ "$METHOD" == "file" ]]; then
+ if [[ -z "$PASS_PATH" ]]; then
+ PASS_FILE="${SKANSIBLE_SECRETS}/${VAULT_ID}.txt"
+ else
+ mkdir -p "${SKANSIBLE_SECRETS}/${PASS_PATH}"
+ PASS_FILE="${SKANSIBLE_SECRETS}/${PASS_PATH}/${VAULT_ID}.txt"
+ fi
+ printf "%s\n" "$PASSWORD" > "$PASS_FILE"
+ VAULT_ID="${VAULT_ID}@${PASS_FILE}"
+ fi
+ fi
+
+ printf "Make sure to copy following output to appropriate YAML location.\n"
+ if [[ -z "$VAR_NAME" ]]; then
+ ansible-vault encrypt_string --name "$VAR_NAME" --stdin-name "$VAR_NAME" --vault-id "$VAULT_ID" --output - "$PASSWORD"
+ else
+ ansible-vault encrypt_string --stdin-name "$ID_TAG" --vault-id "$VAULT_ID" --output - "$PASSWORD"
+ fi
+}
+
+# source ./extensions.d/edit.sh
+
+case "$1" in
+ set-root) shift; set-root "$1";;
+ gxy) shift; gxy "$@";;
+ vult) shift; vult "$@";;
+ play) shift; play "$@";;
+ import) shift; import "$@";;
+ decrypt) shift; decrypt "$@";;
+ encrypt) shift; encrypt "$@";;
+ *) exit 1;;
+esac
\ No newline at end of file
diff --git a/standard_paths b/standard_paths
deleted file mode 100644
index a0f367c..0000000
--- a/standard_paths
+++ /dev/null
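Review bot: `encrypt` handles the vault password carelessly: both `read -rp` prompts echo it to the terminal, `printf "%s\n" "$PASSWORD" > "$PASS_FILE"` writes it under `.secrets` with the process's default umask (typically group/world-readable), and `ansible-vault encrypt_string ... "$PASSWORD"` passes it on argv, where any local user can read it from `ps`. Use `read -rsp`, create the password file under `umask 077`, and feed the secret on stdin (encrypt_string reads the value from stdin when no positional string is given); the `[[ -z "$VAR_NAME" ]]` test also looks inverted, since it is the empty VAR_NAME that ends up in `--name`, so presumably `${VAR_NAME:-$ID_TAG}` was intended. Two further defects in the same hunk: both getopts strings (`"mv:i:d:"`, `"mv:d:pn:"`) declare `-m` without an argument, so `METHOD=$OPTARG` hits an unset OPTARG under `set -u` (and `-m file` stops option parsing); it should be `m:`, and in `decrypt` the `-i` file is used both as the `@file` password source and as the encrypted input passed to `ansible-vault decrypt`. `import-gpg` and `import-ssl` likewise drop secret keys into `roles/bootstrap/files` with default permissions; `umask 077` or `install -m 600` applies there too.
```shell
      p) read -rsp "Provide intended password: " PASSWORD; printf '\n';;
# … unchanged: remaining option parsing, METHOD / VAULT_ID handling …
      # owner-only permissions for the vault password file
      (umask 077; printf "%s\n" "$PASSWORD" > "$PASS_FILE")
# … unchanged: VAULT_ID="${VAULT_ID}@${PASS_FILE}" and the YAML hint …
  # feed the secret on stdin so it never appears in argv / `ps`
  printf '%s' "$PASSWORD" | ansible-vault encrypt_string --stdin-name "${VAR_NAME:-$ID_TAG}" --vault-id "$VAULT_ID" --output -
```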
@@ -1,28 +0,0 @@
-# SKATO_ANSIBLE_ROOT=
-
-# Relative directory paths for role templates/files
-SKANSIBLE_ARIA="aria2"
-SKANSIBLE_PROFTPD="proftpd"
-SKANSIBLE_PROFTPD_CONFS="${SKANSIBLE_PROFTPD}/conf.d"
-# @NOTE below 4 filepaths have filenames that must correspond to
-# the filenames in role ProFTPd templates'/files' Display settings
-SKANSIBLE_PROFTPD_CONFS_WELCOME="${SKANSIBLE_PROFTPD}/conf.d/WELCOME.txt"
-SKANSIBLE_PROFTPD_CONFS_BANNER="${SKANSIBLE_PROFTPD}/conf.d/BANNER.txt"
-SKANSIBLE_PROFTPD_CONFS_SUCCESS="${SKANSIBLE_PROFTPD}/conf.d/SUCCESS.txt"
-SKANSIBLE_PROFTPD_CONFS_EXIT="${SKANSIBLE_PROFTPD}/conf.d/BYE.txt"
-SKANSIBLE_SSHD_CONFS="sshd_config.d"
-SKANSIBLE_SYSTEMD="systemd"
-SKANSIBLE_SYSTEMD_USER_UNITS="${SKANSIBLE_SYSTEMD}/user"
-SKANSIBLE_FAIL2BAN="fail2ban"
-SKANSIBLE_FAIL2BAN_JAILS="${SKANSIBLE_FAIL2BAN}/jail.d"
-SKANSIBLE_FAIL2BAN_FILTERS="${SKANSIBLE_FAIL2BAN}/filter.d"
-SKANSIBLE_GITCONFIG_CONFS="gitconfig.d"
-# @NOTE files in here must have extension "key" with IDs in
-# "gpg_keys" inventory variable list as basenames.
-SKANSIBLE_GPG="gnupg"
-# @NOTE files in path below must have extensions "key" (private),
-# "crt" (signed), or "pem" (public) with inventory host FQDN as basename
-SKANSIBLE_SSL="ca-certificates"
-
-# Other directories
-SKANSIBLE_SECRETS="${SKATO_ANSIBLE_ROOT}/.secrets"
\ No newline at end of file