Cache or provide PEM pass phrase as variable

I’m writing a custom Ansible lookup plugin that uses open_url to communicate with a web server.
I have to include client_cert and client_key, but I want to keep client_key on my computer encrypted.

Every time I run the playbook, I’m prompted Enter PEM pass phrase: for every lookup that occurs.
I’ve been scouring online, and AI tools trying to find a way to store the pass phrase as a variable, set it in ansible.cfg, or any other method, and can’t seem to find a way.

Do I have to decrypt the private_key to not be prompted?
Is there any other way?
Is there anything I can do in my custom plugin to make it smoother?

You’ll probably want to provide a module option to feed the lookup plugin with the passphrase. That option can be filled by ansible vault protected ansible variable, or an environment variable.

This would require you to code passing the variable into whatever you are doing in your lookup instead of letting something look for stdin during execution which isn’t ideal anyways with how ansible can run in multiple forks.