diff --git a/27_vault/apache.yml b/27_vault/apache.yml
new file mode 100644
index 0000000..f9f7fbe
--- /dev/null
+++ b/27_vault/apache.yml
@@ -0,0 +1,7 @@
+---
+- name: install apache via ansible playbook
+ hosts: test
+ user: root
+ become: false
+ roles:
+ - myapache5
diff --git a/27_vault/myapache5/README.md b/27_vault/myapache5/README.md
new file mode 100644
index 0000000..34e1a69
--- /dev/null
+++ b/27_vault/myapache5/README.md
@@ -0,0 +1,40 @@
+Role Name
+=========
+
+Rôle de deploiement apache sur une centos ou Debian
+
+Répertoire privé protégé par mot de passe demandé à l'utilisateur
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+Voir fichier vars/main.yml
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { myapache }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Thomas Constans
diff --git a/27_vault/myapache5/defaults/main.yml b/27_vault/myapache5/defaults/main.yml
new file mode 100644
index 0000000..8c667e1
--- /dev/null
+++ b/27_vault/myapache5/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for myapache
\ No newline at end of file
diff --git a/27_vault/myapache5/files/index.html b/27_vault/myapache5/files/index.html
new file mode 100644
index 0000000..416474e
--- /dev/null
+++ b/27_vault/myapache5/files/index.html
@@ -0,0 +1 @@
+
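Review bot: In apache.yml the play connects directly as root (`user: root` with `become: false`), which requires root SSH login on every host in `test` and leaves no per-operator trail of who escalated. Connecting as an unprivileged account and escalating explicitly is the safer form, e.g. `remote_user: <deploy-user>` (placeholder) with `become: true`. `user` is also the older spelling of `remote_user`, which tests/test.yml in this same commit already uses.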

hello World

\ No newline at end of file
diff --git a/27_vault/myapache5/handlers/main.yml b/27_vault/myapache5/handlers/main.yml
new file mode 100644
index 0000000..2a19def
--- /dev/null
+++ b/27_vault/myapache5/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+# handlers file for myapache
+- name: reload httpd
+ service:
+ name: "{{ service_name }}"
+ state: reloaded
+
+- name: reload firewalld
+ service:
+ name: firewalld
+ state: reloaded
diff --git a/27_vault/myapache5/meta/main.yml b/27_vault/myapache5/meta/main.yml
new file mode 100644
index 0000000..7223799
--- /dev/null
+++ b/27_vault/myapache5/meta/main.yml
@@ -0,0 +1,57 @@
+galaxy_info:
+ author: your name
+ description: your description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Some suggested licenses:
+ # - BSD (default)
+ # - MIT
+ # - GPLv2
+ # - GPLv3
+ # - Apache
+ # - CC-BY
+ license: license (GPLv2, CC-BY, etc)
+
+ min_ansible_version: 1.2
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ # Optionally specify the branch Galaxy will use when accessing the GitHub
+ # repo for this role. During role install, if no tags are available,
+ # Galaxy will use this branch. During import Galaxy will access files on
+ # this branch. If Travis integration is configured, only notifications for this
+ # branch will be accepted. Otherwise, in all cases, the repo's default branch
+ # (usually master) will be used.
+ #github_branch:
+
+ #
+ # platforms is a list of platforms, and each platform has a name and a list of versions.
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
\ No newline at end of file
diff --git a/27_vault/myapache5/tasks/main.yml b/27_vault/myapache5/tasks/main.yml
new file mode 100644
index 0000000..b87eb7d
--- /dev/null
+++ b/27_vault/myapache5/tasks/main.yml
@@ -0,0 +1,74 @@
+---
+# tasks file for myapache
+- name: import distribution specific variables
+ tags: http
+ include_vars: "{{ ansible_distribution|lower }}.yml"
+
+- name: import sensitive info
+ tags: [http,secu]
+ include_vars: "private_data"
+
+- name: install apache
+ tags: httpd
+ package:
+ name: "{{ package_name }}"
+ state: latest
+
+- name: conf httpd
+ tags: httpd
+ notify: reload httpd
+ template:
+ src: vhost.conf.jj
+ dest: "{{ apache_conf_dir }}/vhost.conf"
+ mode: 0640
+ owner: root
+ group: "{{ apache_group }}"
+
+- name: activate apache
+ tags: httpd
+ service:
+ name: "{{ service_name }}"
+ enabled: yes
+
+- name: open firewall port
+ tags: httpd
+ firewalld:
+ service: http
+ permanent: yes
+ immediate: yes
+ state: enabled
+ ignore_errors: yes
+ notify: reload firewalld
+ when: ansible_distribution|lower != "debian"
+
+- name: create documentroot
+ tags: httpd
+ file:
+ name: "{{ item.documentroot }}"
+ state: directory
+ with_items:
+ - "{{ apache_vhosts }}"
+
+- name: install python passlib package
+ tags: req,httpd
+ package:
+ name: python-passlib
+ state: latest
+
+- name: create index file
+ tags: httpd
+ copy:
+ src: index.html
+ dest: "{{ item.documentroot }}/index.html"
+ mode: 0644
+ with_items:
+ - "{{ apache_vhosts }}"
+
+- name: passwd file
+ htpasswd:
+ path: "{{ apache_conf_dir }}/passwd"
+ name: tom
+ password: "{{ htpassword }}"
+ mode: 0640
+ owner: root
+ group: "{{ apache_group }}"
\ No newline at end of file
diff --git a/27_vault/myapache5/templates/vhost.conf.jj b/27_vault/myapache5/templates/vhost.conf.jj
new file mode 100644
index 0000000..72d9094
--- /dev/null
+++ b/27_vault/myapache5/templates/vhost.conf.jj
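Review bot: The `import sensitive info` task in tasks/main.yml loads the vault-encrypted `private_data` without `no_log: true`, so at higher verbosity the task result can print the decrypted variables (including `htpassword`) to the console or CI logs; adding `no_log: true` to that task keeps them out. The two `include_vars` tasks are tagged `http`/`secu` while every task that consumes their variables is tagged `httpd`, and `passwd file` carries no tag at all, so a run limited to `--tags httpd` would skip both the variable loading and the password file; a consistent list such as `tags: [httpd, secu]` on those three tasks would fix that. Quoting the file modes (`mode: "0640"`) is the form the Ansible documentation recommends, since it does not depend on how the YAML parser reads a leading zero.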
@@ -0,0 +1,28 @@
+{% for vhost in apache_vhosts %}
+
+ ServerName {{ vhost.servername|lower }}
+ ServerAlias {{ vhost.serveralias }}
+ DocumentRoot {{ vhost.documentroot }}
+ CustomLog {{ vhost.accesslog }} combined
+ ErrorLog {{ vhost.errorlog }}
+
+ Options none
+ Allowoverride none
+ Require all denied
+
+
+
+ Options {{ vhost.documentrootoptions|default( "none" ) }}
+ Require all granted
+
+
+ Alias /private /usr/share/doc
+
+ Options indexes
+ AuthName "stop"
+ AuthType Basic
+ AuthUserFile {{ apache_conf_dir }}/passwd
+ require valid-user
+
+
+{% endfor %}
diff --git a/27_vault/myapache5/tests/inventory b/27_vault/myapache5/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/27_vault/myapache5/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/27_vault/myapache5/tests/test.yml b/27_vault/myapache5/tests/test.yml
new file mode 100644
index 0000000..797e379
--- /dev/null
+++ b/27_vault/myapache5/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - myapache
\ No newline at end of file
diff --git a/27_vault/myapache5/vars/centos.yml b/27_vault/myapache5/vars/centos.yml
new file mode 120000
index 0000000..ba2f905
--- /dev/null
+++ b/27_vault/myapache5/vars/centos.yml
@@ -0,0 +1 @@
+redhat.yml
\ No newline at end of file
diff --git a/27_vault/myapache5/vars/debian.yml b/27_vault/myapache5/vars/debian.yml
new file mode 100644
index 0000000..03ceb9d
--- /dev/null
+++ b/27_vault/myapache5/vars/debian.yml
@@ -0,0 +1,7 @@
+---
+apache_conf_dir: /etc/apache2/sites-enabled
+apache_log_dir: /var/log/apache2
+package_name: apache2
+service_name: apache2
+apache_user: www-data
+apache_group: www-data
diff --git a/27_vault/myapache5/vars/main.yml b/27_vault/myapache5/vars/main.yml
new file mode 100644
index 0000000..1fb822e
--- /dev/null
+++ b/27_vault/myapache5/vars/main.yml
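Review bot: `AuthType Basic` on the `/private` alias in vhost.conf.jj sends the password only base64-encoded with every request, and nothing visible in this role configures TLS (tasks/main.yml opens only the firewalld `http` service), so the vault-protected credential would presumably cross the network in cleartext. Serving this location only from an HTTPS virtual host would close that gap; at minimum a comment above `AuthType Basic` such as `# Basic auth is not encrypted: expose /private over TLS only` would make the constraint explicit. The container directives are not visible in this rendering of the hunk, so the listening port is inferred from the tasks and `http_port: 80`.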
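Review bot: In tests/test.yml, `roles: - myapache` does not match the role directory this commit adds (`myapache5`), so unless a separate role named `myapache` is on the roles path the test playbook will not exercise the new code; `- myapache5` looks like the intended entry. The example playbook in README.md carries the same old name.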
@@ -0,0 +1,15 @@
+---
+# vars file for myapache
+http_port: 80
+apache_vhosts:
+- servername: ORSYS.Fr
+ serveralias: www.orsys.fr
+ documentroot: /var/www/html/orsys.fr
+ accesslog: "{{ apache_log_dir }}/access_orsys.fr_log"
+ errorlog: "{{ apache_log_dir }}/error_orsys.fr_log"
+- servername: thomas.fr
+ serveralias: www.thomas.fr
+ documentroot: /var/www/html/thomas.fr
+ accesslog: "{{ apache_log_dir }}/access_thomas.fr_log"
+ errorlog: "{{ apache_log_dir }}/error_thomas.fr_log"
+ documentrootoptions: indexes
\ No newline at end of file
diff --git a/27_vault/myapache5/vars/private_data b/27_vault/myapache5/vars/private_data
new file mode 100644
index 0000000..831bf9b
--- /dev/null
+++ b/27_vault/myapache5/vars/private_data
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+65666665613430363035653264333066366532613530333730303137633462323139383065633732
+3335363935313537363138623563386464306630373163650a306437356265623339386234666564
+65613865386161623663343338316561356230376366666564643937393935613832373934613230
+6535643766333061380a356236343539386239393239323032353666653038323730323139643532
+32373364316435333665366663613637306461333139346132653133353637396538
diff --git a/27_vault/myapache5/vars/redhat.yml b/27_vault/myapache5/vars/redhat.yml
new file mode 100644
index 0000000..c77ed08
--- /dev/null
+++ b/27_vault/myapache5/vars/redhat.yml
@@ -0,0 +1,7 @@
+---
+apache_conf_dir: /etc/httpd/conf.d/
+apache_log_dir: /var/log/httpd
+package_name: httpd
+service_name: httpd
+apache_user: apache
+apache_group: apache