diff --git a/keep.kdbx b/keep.kdbx
index 591bb86..4a3321c 100644
Binary files a/keep.kdbx and b/keep.kdbx differ
diff --git a/setup.yml b/setup.yml
index a32665e..d44be61 100644
--- a/setup.yml
+++ b/setup.yml
@@ -1,6 +1,9 @@
 ---
 - name: setup target to be managed by ansible
 hosts: cibles
+ vars:
+ password: "{{lookup( 'viczem.keepass.keepass', 'ansible shell', 'password') }}"
+ username: "{{ lookup( 'viczem.keepass.keepass', 'ansible shell', 'username') }}"
 tasks:
 - name: warn people
 lineinfile:
@@ -26,23 +29,21 @@
 - name: create account
 tags: lookup
 vars:
- password: "{{ lookup( 'viczem.keepass.keepass', 'ansible', 'password') }}"
- username: "{{ lookup( 'viczem.keepass.keepass', 'ansible', 'username') }}"
 user:
 name: "{{ username }}"
- password: "{{ password | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
+ password: "{{ password | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
 create_home: yes
 home: "/home/{{ username }}"
 - name: configure sudo
 copy:
- content: "ansible ALL=(ALL) NOPASSWD: ALL"
+ content: "{{ username }} ALL=(ALL) NOPASSWD: ALL"
 dest: /etc/sudoers.d/ansible
 validate: "/usr/sbin/visudo -cf %s"
 - name: deploy ssh key
 authorized_key:
- user: ansible
+ user: "{{ username }}"
 key: "{{ item }}"
 loop:
 - "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}"
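Review bot: The KeePass-backed `password` and `username` are now play-level vars with very generic names, so the secret is in scope for every task of the play (including `warn people`) rather than only `create account`, and any higher-precedence variable of the same name (extra vars, `set_fact`, included vars) would silently replace the looked-up value. More specific names such as `managed_account_password` / `managed_account_username` would avoid that, with a comment above them like `# credentials of the 'ansible shell' KeePass entry; used by create account, configure sudo and deploy ssh key`. The first lookup is written `{{lookup(` while the second is `{{ lookup(`; the spacing should match. The same commit also updates `keep.kdbx` in the repository; if that is the database these lookups read, its protection rests entirely on the master password or key file, which should stay out of the repo. The `lineinfile` task body continues outside this hunk.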
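Review bot: In `configure sudo` the sudoers line is now built from the looked-up `username`, but `validate: "/usr/sbin/visudo -cf %s"` only checks syntax, so an entry whose username is something like `ALL` or begins with `%` would still yield a valid file that grants passwordless root well beyond one account. Check the value before it is used, for example an `assert` task with `that: username is match('^[a-z_][a-z0-9_-]*$')`, and give the file explicit ownership and mode: `owner: root`, `group: root`, `mode: "0440"`. The `vars:` key of `create account` appears to be left empty once its two lookups are removed and can be dropped. The play starts before this hunk and the `loop:` list may continue after it.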