diff --git a/.gitignore b/.gitignore
index b59363c9f6e1c76641c1807d2aa560cb3bb74df2..375cc421255633b1ca3d6bcb35fb53a330619179 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 *.retry
 roles/geerlingguy.*/
+.password
+.vault
diff --git a/host_vars/pi3.lqdn.fr.yml b/host_vars/pi3.lqdn.fr.yml
index ddea1556f09910f48235acf3a43b990bdf8ef123..0bcdab8a1b064ae64cbca06ce45d53c632a2d1ec 100644
--- a/host_vars/pi3.lqdn.fr.yml
+++ b/host_vars/pi3.lqdn.fr.yml
@@ -3,13 +3,22 @@ wordpress_url: https://grange.dev.lqdn.fr/
 wordpress_title: "Site de dev — Une Grange"
 wordpress_admin_user: datafoin
 wordpress_admin_email: okhin@laquadrature.net
+wordpress_dbname: unegrange_wp
+wordpress_dbuser: datafoin
+wordpress_dbpass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          65336533383236653432626338613864633439626332323034633731666333333466383930633661
+          3431363865343433643530303430633664633032333834630a336261363263373331343030373832
+          39616639306138366335363438316233623838656631323133663365373531306535633630326561
+          3266633666616636650a356162626133353236663461303464346335396262303835666133613531
+          3131
 
-certbot_create_command: "{{ certbot_script }} certonly --webroot --webrootpath /var/www/letsencrypt/ --noninteractive --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(,)"
+#certbot_create_command: "{{ certbot_script }} certonly --webroot --webrootpath /var/www/letsencrypt/ --noninteractive --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(,)"
 
-certbot_certs:
-    - domains:
-        - "grange.dev.lqdn.fr"
-        - "*.grange.dev.lqdn.fr"
+#certbot_certs:
+#    - domains:
+#        - "grange.dev.lqdn.fr"
+#        - "*.grange.dev.lqdn.fr"
 
 apache_vhosts_ssl:
     - servername: "grange.dev.lqdn.fr"
diff --git a/hosts b/hosts
index 2270497de7eac5c88f58d3cbe8853354b2f171fb..3b94d8f4bf5d881e5a2f33b4169a2c39899ab698 100644
--- a/hosts
+++ b/hosts
@@ -5,6 +5,3 @@ pi3.lqdn.fr
 
 [wordpress]
 pi3.lqdn.fr
-
-[webserver]
-pi3.lqdn.fr
diff --git a/site.yml b/site.yml
index e0e10084d6296031d948080406d5acf70f0a128f..d31d5332041754f1d69c3134ffd48f2796d242c8 100644
--- a/site.yml
+++ b/site.yml
@@ -50,7 +50,11 @@
       - role: geerlingguy.certbot
 
 - hosts: wordpress
+  environment:
+      ANSIBLE_VAULT_PASSWORD_FILE: /root/.ansible.vault
   remote_user: root
+  vars_files:
+      - group_vars/webserver.yml
   roles:
       - role: wpcli
       - role: wordpress