diff --git a/docker-compose/nextcloud/docker-compose.yml.j2 b/docker-compose/nextcloud/docker-compose.yml.j2
index fa72ef33..c3652753 100644
--- a/docker-compose/nextcloud/docker-compose.yml.j2
+++ b/docker-compose/nextcloud/docker-compose.yml.j2
@@ -11,15 +11,15 @@ services:
       - /etc/timezone:/etc/timezone:ro
       - db:/var/lib/mysql
     environment:
-      MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_root_password', 'password') }}"
-      MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"
+      MYSQL_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_root_password', 'password') }}"
+      MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
       MYSQL_DATABASE: nextcloud
       MYSQL_USER: nextcloud
       MYSQL_INITDB_SKIP_TZINFO: 1
     networks:
       - intern
     healthcheck:
-      test: ["CMD", "mariadb-show", "nextcloud", "-h", "localhost", "-u", "nextcloud", "-p{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"]
+      test: ["CMD", "mariadb-show", "nextcloud", "-h", "localhost", "-u", "nextcloud", "-p{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"]
       interval: 30s
       timeout: 10s
       retries: 3
@@ -39,9 +39,9 @@ services:
       - intern
     restart: unless-stopped
     pull_policy: missing
-    command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}"
+    command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
     healthcheck:
-      test: ["CMD", "redis-cli", "--pass", "{{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
+      test: ["CMD", "redis-cli", "--pass", "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
       interval: 5s
       timeout: 2s
       retries: 3
@@ -73,15 +73,15 @@ services:
     environment:
         # redis
         REDIS_HOST: nextcloud-redis
-        REDIS_HOST_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_redis_host_password', 'password') }}"
+        REDIS_HOST_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
         # mysql
         MYSQL_DATABASE: nextcloud
         MYSQL_USER: nextcloud
-        MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_mysql_password', 'password') }}"
+        MYSQL_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_mysql_password', 'password') }}"
         MYSQL_HOST: nextcloud-db
         # admin
         NEXTCLOUD_ADMIN_USER: n-admin
-        NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud_admin_user_password', 'password') }}"
+        NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_admin_user_password', 'password') }}"
         # misc
         NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
         PHP_MEMORY_LIMIT: 1024M
diff --git a/docker-compose/nextcloud/ldap.sh.j2 b/docker-compose/nextcloud/ldap.sh.j2
index fc49f6f2..14db6569 100644
--- a/docker-compose/nextcloud/ldap.sh.j2
+++ b/docker-compose/nextcloud/ldap.sh.j2
@@ -2,7 +2,7 @@
 
 # Vorraussetzungen siehe https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md
 # lldap_bind_user=nextcloud_bind_user
-# lldap_bind_user_pass="{{ lookup('viczem.keepass.keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
+# lldap_bind_user_pass="{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_lldap_bind_user_pass', 'password') }}"
 # lldap_bind_user_groups=lldap_strict_readonly
 
 php occ app:install user_ldap
@@ -15,7 +15,7 @@ php occ ldap:set-config s01 ldapPort 3890
 # EDIT: admin user
 php occ ldap:set-config s01 ldapAgentName "uid=nextcloud_bind_user,ou=people,dc=mgrote,dc=net"
 # EDIT: password
-php occ ldap:set-config s01 ldapAgentPassword "{{ lookup('viczem.keepass.keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
+php occ ldap:set-config s01 ldapAgentPassword "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_lldap_bind_user_pass', 'password') }}"
 # EDIT: Base DN
 php occ ldap:set-config s01 ldapBase "dc=mgrote,dc=net"
 php occ ldap:set-config s01 ldapBaseUsers "dc=mgrote,dc=net"
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index eb4b7641..7bc7f45a 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ