diff --git a/inventory/host_vars/vlt1.dmz.mateu.be.yml b/inventory/host_vars/vlt1.dmz.mateu.be.yml
index 6e3d2f6..c8981fe 100644
--- a/inventory/host_vars/vlt1.dmz.mateu.be.yml
+++ b/inventory/host_vars/vlt1.dmz.mateu.be.yml
@@ -6,3 +6,16 @@ restic_backup_path:
 web_hostname:
 - host: vault.libertus.eu
+
+vaultwarden_admin_token: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62303362643639653430316564636462333638333362643435643136363962353939343961623463
+ 3037306233323235653638393461623232333639303565330a356335343165393130333733356335
+ 64656233323030323466323864343062303133626162613161393665363332313666363361383735
+ 3534363066613135340a613932363930333733663337363666646539346635396231326131386537
+ 37373761306238383131386132343936303665306335633231386639313164346634313334623137
+ 37383938313663393961643436386338633235623965376239313566666431306435336238653633
+ 66343563666133393235333337633361383638626231356665356663616430326234326362643832
+ 38326263353137386437383337343964373032323535663732663639653638656266653436363063
+ 33363662653463353965366565613531663339363563633039393234323330383430643734376436
+ 3139313735663133366334376130353438343863343534663034
diff --git a/roles/vaultwarden/tasks/main.yml b/roles/vaultwarden/tasks/main.yml
index a5d9d39..e116c5e 100644
--- a/roles/vaultwarden/tasks/main.yml
+++ b/roles/vaultwarden/tasks/main.yml
@@ -11,7 +11,7 @@
 - name: Put config file
 ansible.builtin.template:
 src: vaultwarden.env.j2
- dest: "/etc/vaultwarden/vaultwarden.env"
+ dest: "/etc/default/vaultwarden"
 owner: root
 group: vaultwarden
 mode: "0o640"
diff --git a/roles/vaultwarden/templates/vaultwarden.env.j2 b/roles/vaultwarden/templates/vaultwarden.env.j2
index 28b2c2b..de74293 100644
--- a/roles/vaultwarden/templates/vaultwarden.env.j2
+++ b/roles/vaultwarden/templates/vaultwarden.env.j2
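Review bot: The new `vaultwarden_admin_token` value is opaque once vaulted, so nothing in this file tells a maintainer whether it holds the Argon2 PHC hash or the plain-text token, and the template's own comments say the plain-text form generates warnings. Once the content has been confirmed, I would add a comment above the key, for example `# Argon2id PHC string for the admin page (output of "vaultwarden hash"), not the plain-text password`. Storing the hash rather than the password also keeps the usable credential out of the rendered file, which the tasks hunk shows is group-readable by `vaultwarden`.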
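Review bot: The rendered file now carries `ADMIN_TOKEN`, yet the `Put config file` task shows no `no_log: true` or `diff: false`, so a run with `--diff` would print the rendered token to the console or CI log. Adding `diff: false` to the task avoids that; the task may continue below `mode:`, outside this hunk, so check that it is not already set there. Moving `dest` to `/etc/default/vaultwarden` also leaves the previous `/etc/vaultwarden/vaultwarden.env` in place on hosts that were already provisioned. An `ansible.builtin.file` task with `state: absent` for the old path would keep stale configuration from lingering.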
@@ -15,7 +15,7 @@
 ####################
 ## Main data folder
-DATA_FOLDER=/srv/vaultwarden
+# DATA_FOLDER=/srv/vaultwarden
 ## Individual folders, these override %DATA_FOLDER%
 # RSA_KEY_FILENAME=data/rsa_key
@@ -388,7 +388,7 @@ SIGNUPS_ALLOWED=false
 ## New Argon2 PHC string
 ## Note that for some environments, like docker-compose you need to escape all the dollar signs `$` with an extra dollar sign like `$$`
 ## Also, use single quotes (') instead of double quotes (") to enclose the string when needed
-# ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$MmeKRnGK5RW5mJS7h3TOL89GrpLPXJPAtTK8FTqj9HM$DqsstvoSAETl9YhnsXbf43WeaUwJC6JhViIvuPoig78'
+ADMIN_TOKEN={{ vaultwarden_admin_token }}
 ## Old plain text string (Will generate warnings in favor of Argon2)
 # ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
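Review bot: Commenting out `DATA_FOLDER` makes the data location implicit: Vaultwarden falls back to its default `data` folder, resolved relative to the service's working directory, which is not visible in this diff. On a host already provisioned with `/srv/vaultwarden`, the existing database and keys would presumably no longer be picked up unless the unit's working directory or a migration step accounts for it. `restic_backup_path` in host_vars (value not shown) should also be checked so that backups still cover the vault data. At minimum I would document the effective path next to the commented line, for example `## DATA_FOLDER unset on purpose: data lives in <effective path>`.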
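Review bot: `ADMIN_TOKEN={{ vaultwarden_admin_token }}` in the second hunk renders the value unquoted, although the comment directly above it says to enclose the Argon2 string in single quotes. A PHC string contains `$` characters, so depending on how `/etc/default/vaultwarden` is loaded (not visible here), parts of it could be treated as variable references and the token silently mangled. I would write `ADMIN_TOKEN='{{ vaultwarden_admin_token | trim }}'`; the `trim` guards against a trailing newline in the vaulted value.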