diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index da6e6b4415e22821f3be4befb6701e4cdce87ea9..63e2668eb6931d9803715d21ec09fc0a679c8fd5 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -1,6 +1,8 @@
 ---
 
-soctoolsproxy: "arne-centos2.cert-labs.uninett.no"
+soctoolsproxy: "<CHANGE_ME:hostname>"
+
+docker_build_dir: "{{playbook_dir}}/build"
 
 # TheHive Button plugin
 THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"
@@ -10,7 +12,7 @@ THEHIVE_OWNER: "admin"
 soctools_netname: "soctoolsnet"
 soctools_network: "172.22.0.0/16"
 
-repo: gn43-dsl
+repo: soctools
 version: 7
 suffix: a20201004
 
@@ -45,14 +47,10 @@ cassandra_img: "{{repo}}/cassandra:{{version}}{{suffix}}"
 
 thehive_name: "soctools-thehive"
 thehive_img: "{{repo}}/thehive:{{version}}{{suffix}}"
-# GENERATED WITH cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
-thehive_secret_key: "LcnI9eKLo33711BmCnzf6UM1y05pdmj3dlADL81PxuffWqhobRoiiGFftjNPKpmM"
 
 cortex_name: "soctools-cortex"
 cortex_img: "{{repo}}/cortex:{{version}}{{suffix}}"
 cortex_elasticsearch_mem: "256m"
-# GENERATED WITH cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
-cortex_secret_key: "9CZ844IcAp5dHjsgU4iuaEssdopLcS6opzhVP3Ys4t4eRpNlHmwZdtfveLEXpM9D"
 
 sysctlconfig:
   - { key: "net.core.rmem_max", val: "4194304" }
@@ -69,8 +67,6 @@ ca_cn: "SOCTOOLS-CA"
 
 odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
 odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}"
-# GENERATE 32-bit secure value
-odfekibana_cookie: "iroAm0ueIV7w6CS1WcJTwIV6R4d5RIAt"
 #elk_version: "oss-7.6.1"
 elk_version: "oss-7.4.2"
 #odfeplugin_version: "1.7.0.0"
@@ -89,6 +85,20 @@ maxmind_key: ""
 
 misp_dbname: "mispdb"
 misp_dbuser: "misp"
-# misp_salt generated with: openssl rand -base64 32
-#misp_odic_crypto_pass: 1234567890 #TODO: Generate dynamically
-#misp_crypto_pass: 1234567890 #TODO: Generate dynamically
+
+services:
+  - mysql
+  - haproxy
+  - openjdk
+  - zookeeper
+  - nifi
+  - elasticsearch
+  - kibana
+  - odfees
+  - odfekibana
+  - keycloak
+  - misp
+  - cassandra
+  - thehive
+  - cortex
+
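Review bot: The new `services` list has no comment saying that its order is load-bearing, yet roles/build/tasks/main.yml iterates it for `docker build`, so the list order is the build order. Presumably some images are built on others in the list (openjdk before the Java services, elasticsearch and kibana before their odfe variants), which would make a reordering break the build; that is worth confirming against the Dockerfiles. I would add a comment above the key such as `# Built in this order by roles/build; base images must come before the images derived from them`.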
diff --git a/roles/build/files/cassandrasupervisord.conf b/roles/build/files/cassandra/cassandrasupervisord.conf
similarity index 100%
rename from roles/build/files/cassandrasupervisord.conf
rename to roles/build/files/cassandra/cassandrasupervisord.conf
diff --git a/roles/build/files/cortexsupervisord.conf b/roles/build/files/cortex/cortexsupervisord.conf
similarity index 100%
rename from roles/build/files/cortexsupervisord.conf
rename to roles/build/files/cortex/cortexsupervisord.conf
diff --git a/roles/build/files/haproxysupervisord.conf b/roles/build/files/haproxy/haproxysupervisord.conf
similarity index 100%
rename from roles/build/files/haproxysupervisord.conf
rename to roles/build/files/haproxy/haproxysupervisord.conf
diff --git a/roles/build/files/keycloaksupervisord.conf b/roles/build/files/keycloak/keycloaksupervisord.conf
similarity index 100%
rename from roles/build/files/keycloaksupervisord.conf
rename to roles/build/files/keycloak/keycloaksupervisord.conf
diff --git a/roles/build/files/kibanasupervisord.conf b/roles/build/files/kibana/kibanasupervisord.conf
similarity index 100%
rename from roles/build/files/kibanasupervisord.conf
rename to roles/build/files/kibana/kibanasupervisord.conf
diff --git a/roles/build/files/misp_rh-php72-php-fpm b/roles/build/files/misp/misp_rh-php72-php-fpm
similarity index 100%
rename from roles/build/files/misp_rh-php72-php-fpm
rename to roles/build/files/misp/misp_rh-php72-php-fpm
diff --git a/roles/build/files/misp/mispstart.sh b/roles/build/files/misp/mispstart.sh
new file mode 100644
index 0000000000000000000000000000000000000000..d6a5fc0fc4f104e832265adc1ebfefa722e289ac
--- /dev/null
+++ b/roles/build/files/misp/mispstart.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+#dockerfile from ansible
+
+# Check if run as root
+if [ "$EUID" -eq 0 ]; then
+    echo "Please DO NOT run the worker script as root"
+    exit 1
+fi
+
+PATH_TO_MISP='/var/www/MISP'
+RUN_PHP="/usr/bin/scl enable rh-php72"
+PHP_INI="/etc/opt/rh/rh-php72/php.ini"
+CAKE="${PATH_TO_MISP}/app/Console/cake"
+
+# Extract base directory where this script is and cd into it
+cd "${0%/*}"
+$RUN_PHP -- $CAKE CakeResque.CakeResque stop --all
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue default
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue prio
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue cache
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue email
+$RUN_PHP -- $CAKE CakeResque.CakeResque start --interval 5 --queue update
+$RUN_PHP -- $CAKE CakeResque.CakeResque startscheduler --interval 5
+
+exit 0
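Review bot: The script never checks `cd "${0%/*}"` and ends with an unconditional `exit 0`, so a failed directory change or a worker that does not start is still reported to the caller as success. Change the cd to `cd "${0%/*}" || exit 1` and drop the final `exit 0`, or record the status of the `start` calls and exit with it. `PHP_INI` is assigned but never used. The header comment `#dockerfile from ansible` does not describe this file; something like `# Restarts the MISP CakeResque workers and scheduler; refuses to run as root` would serve the next reader better.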
diff --git a/roles/build/files/mispsupervisord.conf b/roles/build/files/misp/mispsupervisord.conf
similarity index 100%
rename from roles/build/files/mispsupervisord.conf
rename to roles/build/files/misp/mispsupervisord.conf
diff --git a/roles/build/files/mysqlsupervisord.conf b/roles/build/files/mysql/mysqlsupervisord.conf
similarity index 100%
rename from roles/build/files/mysqlsupervisord.conf
rename to roles/build/files/mysql/mysqlsupervisord.conf
diff --git a/roles/build/files/nifisupervisord.conf b/roles/build/files/nifi/nifisupervisord.conf
similarity index 100%
rename from roles/build/files/nifisupervisord.conf
rename to roles/build/files/nifi/nifisupervisord.conf
diff --git a/roles/build/files/odfesupervisord.conf b/roles/build/files/odfees/odfesupervisord.conf
similarity index 100%
rename from roles/build/files/odfesupervisord.conf
rename to roles/build/files/odfees/odfesupervisord.conf
diff --git a/roles/build/files/thehivesupervisord.conf b/roles/build/files/thehive/thehivesupervisord.conf
similarity index 100%
rename from roles/build/files/thehivesupervisord.conf
rename to roles/build/files/thehive/thehivesupervisord.conf
diff --git a/roles/build/files/zookeepersupervisord.conf b/roles/build/files/zookeeper/zookeepersupervisord.conf
similarity index 100%
rename from roles/build/files/zookeepersupervisord.conf
rename to roles/build/files/zookeeper/zookeepersupervisord.conf
diff --git a/roles/build/tasks/cassandra.yml b/roles/build/tasks/cassandra.yml
deleted file mode 100644
index 1c0a2c6930135fe01a0e9e872e036f6c911eccd3..0000000000000000000000000000000000000000
--- a/roles/build/tasks/cassandra.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- name: Configure the cassandra Dockerfile
-  template:
-    src: cassandra/Dockerfile.j2
-    dest: "{{role_path}}/files/cassandraDockerfile"
-
-- name: Build cassandra image
-  command: docker build -t {{repo}}/cassandra:{{version}}{{suffix}} -f {{role_path}}/files/cassandraDockerfile {{role_path}}/files
-
-
diff --git a/roles/build/tasks/cortex.yml b/roles/build/tasks/cortex.yml
deleted file mode 100644
index 9a5adbef67cf1fee1f7eb48f23e4d083a8c6631d..0000000000000000000000000000000000000000
--- a/roles/build/tasks/cortex.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- name: Configure the Cortex Dockerfile
-  template:
-    src: cortex/Dockerfile.j2
-    dest: "{{role_path}}/files/cortexDockerfile"
-
-- name: Build the Cortex image
-  command: docker build -t {{repo}}/cortex:{{version}}{{suffix}} -f {{role_path}}/files/cortexDockerfile {{role_path}}/files
-
-
diff --git a/roles/build/tasks/haproxy.yml b/roles/build/tasks/haproxy.yml
deleted file mode 100644
index 9cb45f840be6ad255b6420abcabc83fbed79b96a..0000000000000000000000000000000000000000
--- a/roles/build/tasks/haproxy.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- name: Configure the haproxy Dockerfile
-  template:
-    src: haproxy/Dockerfile.j2
-    dest: "{{role_path}}/files/haproxyDockerfile"
-
-- name: Build haproxy image
-  command: docker build -t {{repo}}/haproxy:{{version}}{{suffix}} -f {{role_path}}/files/haproxyDockerfile {{role_path}}/files
-
diff --git a/roles/build/tasks/keycloak.yml b/roles/build/tasks/keycloak.yml
deleted file mode 100644
index f7a7c2b1989bf013e7a23a1646e7d7e62500098e..0000000000000000000000000000000000000000
--- a/roles/build/tasks/keycloak.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-
-- name: Configure the keycloak Dockerfile
-  template:
-    src: keycloak/Dockerfile.j2
-    dest: "{{role_path}}/files/keycloakDockerfile"
-
-- name: Copy tools to build path
-  command: "cp -av {{role_path}}/templates/keycloak/keycloak-tools/ {{role_path}}/files/keycloak-tools/"
-
-- name: Build keycloak image
-  command: docker build -t {{repo}}/keycloak:{{version}}{{suffix}} -f {{role_path}}/files/keycloakDockerfile {{role_path}}/files
-
-- name: Remove tools from build path
-  file:
-    path: "{{role_path}}/files/keycloak-tools/"
-    state: absent
-
diff --git a/roles/build/tasks/main.yml b/roles/build/tasks/main.yml
index e08a9cf271fd3bab9ba3b2f72f87e2eec3efdc54..eee4ba0ee19f8eda382bed26c1e9dacf11706469 100644
--- a/roles/build/tasks/main.yml
+++ b/roles/build/tasks/main.yml
@@ -6,15 +6,41 @@
     fail_msg: "Review *all* settings in group_vars/all/main.yml"
 
 - include: centos.yml
-- include: mysql.yml
-- include: haproxy.yml
-- include: openjdk.yml
-- include: zookeeper.yml
-- include: nifi.yml
-- include: odfees.yml
-- include: odfekibana.yml
-- include: keycloak.yml
-- include: misp.yml
-- include: cassandra.yml
-- include: thehive.yml
-- include: cortex.yml
+
+- name: Create main build dir
+  file:
+    path: "{{docker_build_dir}}"
+    state: directory
+
+- name: Create build dir
+  file:
+    path: "{{docker_build_dir}}/{{item}}"
+    state: directory
+  with_items: "{{services}}"
+
+- name: Configure the Dockerfile
+  template:
+    src: "{{item}}/Dockerfile.j2"
+    dest: "{{docker_build_dir}}/{{item}}/Dockerfile"
+  with_items: "{{services}}"
+
+- name: Copy thehive_button to build path
+  copy:
+    src: "{{role_path}}/templates/odfekibana/thehive_button"
+    dest: "{{docker_build_dir}}/odfekibana/"
+
+- name: Copy keycloak-tools to build path
+  copy:
+    src: "{{role_path}}/templates/keycloak/keycloak-tools"
+    dest: "{{docker_build_dir}}/keycloak/"
+
+- name: Copy build files
+  copy:
+    src: "files/{{item}}/"
+    dest: "{{docker_build_dir}}/{{item}}/"
+  with_items: "{{services}}"
+  ignore_errors: yes
+
+- name: Build image
+  command: docker build -t {{repo}}/{{item}}:{{version}}{{suffix}} -f {{docker_build_dir}}/{{item}}/Dockerfile {{docker_build_dir}}/{{item}}
+  with_items: "{{services}}"
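Review bot: `ignore_errors: yes` on the "Copy build files" task hides every copy failure, not only the expected one for a service that has no `files/<service>/` directory. The following `docker build` then runs against an incomplete context. Skipping only the missing directories is safer, for example by replacing that line with `when: (role_path ~ '/files/' ~ item) is directory`. Nothing in the hunk clears `{{docker_build_dir}}` before it is repopulated, so files left from an earlier run stay in the build context. The directory will also hold rendered Dockerfiles and probably belongs in the repository's ignore list.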
diff --git a/roles/build/tasks/misp.yml b/roles/build/tasks/misp.yml
deleted file mode 100644
index 3bfe7c9d9a9757db78964597dbfa4c3bff6aeacf..0000000000000000000000000000000000000000
--- a/roles/build/tasks/misp.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-
-- name: Configure the misp Dockerfile
-  template:
-    src: misp/Dockerfile.j2
-    dest: "{{role_path}}/files/mispDockerfile"
-
-- name: Configure the misp worker startscript
-  template:
-    src: misp/start.sh.j2
-    dest: "{{role_path}}/files/mispstart.sh"
-
-- name: Build misp image
-  command: docker build -t {{repo}}/misp:{{version}}{{suffix}} -f {{role_path}}/files/mispDockerfile {{role_path}}/files
-
diff --git a/roles/build/tasks/mysql.yml b/roles/build/tasks/mysql.yml
deleted file mode 100644
index 75d9625f8e906d5ad6884120c21f3c76629f9141..0000000000000000000000000000000000000000
--- a/roles/build/tasks/mysql.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- name: Configure the mysql Dockerfile
-  template:
-    src: mysql/Dockerfile.j2
-    dest: "{{role_path}}/files/mysqlDockerfile"
-
-- name: Build mysql image
-  command: docker build -t {{repo}}/mysql:{{version}}{{suffix}} -f {{role_path}}/files/mysqlDockerfile {{role_path}}/files
-
diff --git a/roles/build/tasks/nifi.yml b/roles/build/tasks/nifi.yml
deleted file mode 100644
index 423978d987b5ced99a995ddc5a3e733cf56504da..0000000000000000000000000000000000000000
--- a/roles/build/tasks/nifi.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- name: Configure the nifi Dockerfile
-  template:
-    src: nifi/Dockerfile.j2
-    dest: "{{role_path}}/files/nifiDockerfile"
-
-- name: Build nifi image
-  command: docker build -t {{repo}}/nifi:{{version}}{{suffix}} -f {{role_path}}/files/nifiDockerfile {{role_path}}/files
-
-
diff --git a/roles/build/tasks/odfees.yml b/roles/build/tasks/odfees.yml
deleted file mode 100644
index 5741223fdd61d30801eec2fc4c2bdbe1fdb7ed36..0000000000000000000000000000000000000000
--- a/roles/build/tasks/odfees.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-
-- name: Configure elasticsearch Dockerfile
-  template:
-    src: odfees/Dockerfile-elastic.j2
-    dest: "{{role_path}}/files/elasticDockerfile"
-
-- name: Build elasticsearch image
-  command: docker build -t {{repo}}/elasticsearch:{{version}}{{suffix}} -f {{role_path}}/files/elasticDockerfile {{role_path}}/files
-
-- name: Configure odfe elasticsearch Dockerfile
-  template:
-    src: odfees/Dockerfile-odfeelastic.j2
-    dest: "{{role_path}}/files/odfeesDockerfile"
-
-- name: Build odfe elasticsearch image
-  command: docker build -t {{repo}}/odfees:{{version}}{{suffix}} -f {{role_path}}/files/odfeesDockerfile {{role_path}}/files
-
diff --git a/roles/build/tasks/odfekibana.yml b/roles/build/tasks/odfekibana.yml
deleted file mode 100644
index 8e1980a7680f5f23b7370d61dba057e457430291..0000000000000000000000000000000000000000
--- a/roles/build/tasks/odfekibana.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-
-- name: Configure kibana Dockerfile
-  template:
-    src: odfekibana/Dockerfile-kibana.j2
-    dest: "{{role_path}}/files/kibanaDockerfile"
-
-- name: Copy tools to build path
-  command: "cp -av {{role_path}}/templates/odfekibana/thehive_button/ {{role_path}}/files/thehive_button/"
-
-- name: Build kibana image
-  command: docker build -t {{repo}}/kibana:{{version}}{{suffix}} -f {{role_path}}/files/kibanaDockerfile {{role_path}}/files
-
-- name: Configure odfe kibana Dockerfile
-  template:
-    src: odfekibana/Dockerfile-odfekibana.j2
-    dest: "{{role_path}}/files/odfekibanaDockerfile"
-
-- name: Build odfe kibana image
-  command: docker build -t {{repo}}/odfekibana:{{version}}{{suffix}} -f {{role_path}}/files/odfekibanaDockerfile {{role_path}}/files
-
-
diff --git a/roles/build/tasks/openjdk.yml b/roles/build/tasks/openjdk.yml
deleted file mode 100644
index 8754ac7fdf7d6147ab522f936b8888a5fd5a7e60..0000000000000000000000000000000000000000
--- a/roles/build/tasks/openjdk.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- name: Configure the openjdk Dockerfile
-  template:
-    src: openjdk/Dockerfile.j2
-    dest: "{{role_path}}/files/openjdkDockerfile"
-
-- name: Build openjdk image
-  command: docker build -t {{repo}}/openjdk:{{version}}{{suffix}} -f {{role_path}}/files/openjdkDockerfile {{role_path}}/files
-
-
diff --git a/roles/build/tasks/thehive.yml b/roles/build/tasks/thehive.yml
deleted file mode 100644
index 35fe08ebf7d5da456a40f0a0de273d102d5eada2..0000000000000000000000000000000000000000
--- a/roles/build/tasks/thehive.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- name: Configure theHive Dockerfile
-  template:
-    src: thehive/Dockerfile.j2
-    dest: "{{role_path}}/files/thehiveDockerfile"
-
-- name: Build theHive image
-  command: docker build -t {{repo}}/thehive:{{version}}{{suffix}} -f {{role_path}}/files/thehiveDockerfile {{role_path}}/files
-
-
diff --git a/roles/build/tasks/zookeeper.yml b/roles/build/tasks/zookeeper.yml
deleted file mode 100644
index a61a6b397f8d1d34559da24f290df8ea93b85f94..0000000000000000000000000000000000000000
--- a/roles/build/tasks/zookeeper.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- name: Configure the zookeeper Dockerfile
-  template:
-    src: zookeeper/Dockerfile.j2
-    dest: "{{role_path}}/files/zookeeperDockerfile"
-
-- name: Build zookeeper image
-  command: docker build -t {{repo}}/zookeeper:{{version}}{{suffix}} -f {{role_path}}/files/zookeeperDockerfile {{role_path}}/files
-
-
diff --git a/roles/build/templates/odfees/Dockerfile-elastic.j2 b/roles/build/templates/elasticsearch/Dockerfile.j2
similarity index 100%
rename from roles/build/templates/odfees/Dockerfile-elastic.j2
rename to roles/build/templates/elasticsearch/Dockerfile.j2
diff --git a/roles/build/templates/keycloak/Dockerfile.j2 b/roles/build/templates/keycloak/Dockerfile.j2
index f6c1206d5fc3579a7cd43f976feed6f4e0b60f59..561a6466f121ee2462dab388ed99a580f16ba39c 100644
--- a/roles/build/templates/keycloak/Dockerfile.j2
+++ b/roles/build/templates/keycloak/Dockerfile.j2
@@ -27,6 +27,7 @@ RUN yum -y install openssl supervisor rsync && yum -y clean all && \
     adduser -u 1000 -g 0 -d /opt/jboss jboss && \
     chown -R jboss:root /opt/jboss && \
     chmod -R g+rwX /opt/jboss && \
+    chmod a+x /opt/jboss/tools/x509.sh && \ 
     mkdir -p /etc/x509/{https,ca} && chown -R jboss:root /etc/x509/{https,ca}
 
 ENV PATH="/opt/jboss/keycloak/bin:${PATH}"
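Review bot: The added `chmod a+x /opt/jboss/tools/x509.sh && \` line carries a space after the continuation backslash. Docker's parser tolerates trailing whitespace there as far as I know, but linters flag it and the command would break if it were ever moved into a shell script, so the trailing space should be removed. The RUN instruction this line belongs to starts above the hunk.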
diff --git a/roles/build/templates/kibana/Dockerfile.j2 b/roles/build/templates/kibana/Dockerfile.j2
new file mode 100644
index 0000000000000000000000000000000000000000..ef2a4768f809d02b8320cb90963ea701cbddec16
--- /dev/null
+++ b/roles/build/templates/kibana/Dockerfile.j2
@@ -0,0 +1,23 @@
+FROM {{repo}}/centos:{{version}}{{suffix}}
+
+RUN yum install -y supervisor
+RUN yum clean all
+
+ENV PATH="/usr/share/kibana/bin:${PATH}"
+
+RUN groupadd -g 1000 kibana && \
+    adduser -u 1000 -g 1000 -d /usr/share/kibana kibana
+
+WORKDIR /usr/share/kibana
+
+RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
+    rpm -Uvh https://artifacts.elastic.co/downloads/kibana/kibana-{{elk_version}}-x86_64.rpm && \
+    cp -a /etc/kibana/ /usr/share/kibana/config/ && \
+    chown -R kibana /usr/share/kibana/config/
+
+RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
+
+EXPOSE 5601
+COPY kibanasupervisord.conf /etc/supervisord.conf
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+
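Review bot: `RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers` gives the kibana service account unrestricted passwordless root inside the container, which removes the benefit of creating a dedicated user in the first place. Nothing in this file shows a step that needs sudo; drop the line, or if a startup step does require it, restrict the rule to that one command in a file under /etc/sudoers.d. There is no `USER` instruction either, so supervisord starts as root; presumably kibanasupervisord.conf switches to the kibana user, which is worth confirming. Separately, `yum clean all` in its own RUN leaves the cache in the previous layer; `RUN yum install -y supervisor && yum clean all` would actually shrink the image.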
diff --git a/roles/build/templates/odfees/Dockerfile-odfeelastic.j2 b/roles/build/templates/odfees/Dockerfile.j2
similarity index 100%
rename from roles/build/templates/odfees/Dockerfile-odfeelastic.j2
rename to roles/build/templates/odfees/Dockerfile.j2
diff --git a/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 b/roles/build/templates/odfekibana/Dockerfile.j2
similarity index 100%
rename from roles/build/templates/odfekibana/Dockerfile-odfekibana.j2
rename to roles/build/templates/odfekibana/Dockerfile.j2
diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2
index 4d1ff58fcca9e55fd1437673ebf3bf864058d069..c7f8b0aaa38ae0c8a3cc7d4dea1a84784a3f69cc 100644
--- a/roles/cortex/templates/application.conf.j2
+++ b/roles/cortex/templates/application.conf.j2
@@ -6,7 +6,7 @@
 #
 # IMPORTANT: If you deploy your application to several  instances,  make
 # sure to use the same key.
-play.http.secret.key="{{cortex_secret_key}}"
+play.http.secret.key='{{lookup("password", "{{playbook_dir}}/secrets/passwords/cortex_secret_key")}}'
 
 ## ElasticSearch
 search {
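Review bot: The single quotes on the new `play.http.secret.key` line are not string delimiters in HOCON, so the value is read as an unquoted string, apostrophes included. The password lookup's default character set contains `,` and `:`, which an unquoted HOCON value cannot hold, so some generated keys would fail to parse. The lookup also sets no `length=`, so it yields the plugin default of 20 characters where the removed key was 64; the thehive application.conf.j2 hunk has the same missing length. I would write `play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_secret_key length=64')}}"`. The keys deleted from group_vars remain in the repository history, so every deployment should pick up the regenerated values rather than keep the old ones.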
diff --git a/roles/odfees/templates/config/elasticsearch.yml.j2 b/roles/odfees/templates/config/elasticsearch.yml.j2
index 5cae9eb487b720020c25d429973def12d01f840f..5e8e18fc2999f2622cca3b0c229265a379c49b44 100644
--- a/roles/odfees/templates/config/elasticsearch.yml.j2
+++ b/roles/odfees/templates/config/elasticsearch.yml.j2
@@ -30,11 +30,11 @@ cluster.initial_master_nodes:
 
 opendistro_security.ssl.transport.keystore_type: pkcs12
 opendistro_security.ssl.transport.keystore_filepath: {{ inventory_hostname }}.p12
-opendistro_security.ssl.transport.keystore_password: {{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}
+opendistro_security.ssl.transport.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
 #opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
 opendistro_security.ssl.transport.truststore_type: jks
 opendistro_security.ssl.transport.truststore_filepath: cacerts.jks
-opendistro_security.ssl.transport.truststore_password: {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}
+opendistro_security.ssl.transport.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
 opendistro_security.ssl.transport.enforce_hostname_verification: false
 
 opendistro_security.ssl.http.enabled: true
@@ -42,10 +42,10 @@ opendistro_security.ssl.http.enabled: true
 # opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
 opendistro_security.ssl.http.keystore_type: pkcs12
 opendistro_security.ssl.http.keystore_filepath: {{ inventory_hostname }}.p12
-opendistro_security.ssl.http.keystore_password: {{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}
+opendistro_security.ssl.http.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
 opendistro_security.ssl.http.truststore_type: jks
 opendistro_security.ssl.http.truststore_filepath: cacerts.jks
-opendistro_security.ssl.http.truststore_password: {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}
+opendistro_security.ssl.http.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
 #opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
 #opendistro_security.ssl.http.clientauth_mode: optional
 opendistro_security.allow_unsafe_democertificates: false
diff --git a/roles/odfekibana/templates/kibana.yml.j2 b/roles/odfekibana/templates/kibana.yml.j2
index aa445d73ab310cf78af7d68a2a41b6133b4adfb8..e676b3735c0f2f9ee59a2c7b3e19c020e04faa1b 100644
--- a/roles/odfekibana/templates/kibana.yml.j2
+++ b/roles/odfekibana/templates/kibana.yml.j2
@@ -46,7 +46,7 @@ opendistro_security.openid.root_ca: "/usr/share/kibana/config/ca.crt"
 opendistro_security.openid.base_redirect_url: "https://{{soctoolsproxy}}:5601"
 
 opendistro_security.cookie.secure: true
-opendistro_security.cookie.password: "{{odfekibana_cookie}}"
+opendistro_security.cookie.password: {{lookup("password", "{{playbook_dir}}/secrets/passwords/kibana_cookiepassword length=32")}}
 
 server.ssl.enabled: true
 server.ssl.key: /usr/share/kibana/config/{{inventory_hostname}}.key
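Review bot: The new `opendistro_security.cookie.password` line drops the quotes the old line had, so the generated password is rendered as a plain YAML scalar. The lookup's default character set includes `,`, `:` and `-`, and a plain scalar that begins with `,` is rejected by YAML parsers, so a fraction of generated values would leave kibana.yml unparseable. The elasticsearch.yml.j2 hunks in this same commit add quotes for exactly this kind of value; do the same here with `opendistro_security.cookie.password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/kibana_cookiepassword length=32')}}"`.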
diff --git a/roles/thehive/templates/application.conf.j2 b/roles/thehive/templates/application.conf.j2
index 6fa36eb370673fc95111327904af57738cabda58..d25e059818a773a6a4a48fb34196cc641f79e718 100644
--- a/roles/thehive/templates/application.conf.j2
+++ b/roles/thehive/templates/application.conf.j2
@@ -5,7 +5,7 @@
 ## Include Play secret key
 # More information on secret key at https://www.playframework.com/documentation/2.8.x/ApplicationSecret
 #include "/etc/thehive/secret.conf"
-play.http.secret.key="{{thehive_secret_key}}"
+play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/passwords/thehive_secret_key')}}"
 
 ## Database configuration
 db.janusgraph {