diff --git a/group_vars/all.yml b/group_vars/all.yml
index d2548122..d8315891 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -32,7 +32,7 @@
 ### ryandaniels.create_users
 users:
 - username: mg
- password: "{{ lookup('keepass', 'linux_mg_user_password', 'password') }}"
+ password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
 update_password: on_create
 ssh_key: "{{ lookup('keepass', 'ssh_pubkey_mg', 'password') }}"
 use_sudo: yes
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
index 40eb1864..d79d3504 100644
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@@ -20,7 +20,7 @@
 ### ryandaniels.create_users
 users:
 - username: mg
- password: "{{ lookup('keepass', 'linux_mg_user_password', 'password') }}"
+ password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
 update_password: on_create
 ssh_key: "{{ lookup('keepass', 'ssh_pubkey_mg', 'password') }}"
 use_sudo: yes
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index bfbbe102..3d111fbd 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ
diff --git a/playbooks/base/1_bootstrap.yml b/playbooks/base/1_bootstrap.yml
index 620909aa..107d60f4 100644
--- a/playbooks/base/1_bootstrap.yml
+++ b/playbooks/base/1_bootstrap.yml
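Review bot: The `password:` line for `mg` now reads the `linux_mg_user_password_hash` entry, but nothing beside it states that the value must be a crypt-format hash, which is exactly the mistake this commit appears to correct; a comment such as `# crypt(3) SHA-512 hash from KeePass, never the cleartext password` above it would keep it from recurring. The same comment is missing in the identical hunk for group_vars/docker.yml. Because `update_password: on_create` is kept, hosts where `mg` already exists will presumably not receive the new hash from this role. The commit also modifies the tracked `keepass_db.kdbx`; if that database holds the `linux_mg_user_password_cleartext` entry, every revision of it stays in repository history and is protected only by the database's master key.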
@@ -5,9 +5,25 @@ max_fail_percentage: 20% roles: - - { role: robertdebock.bootstrap, tags: "bootstrap" } - - { role: ryandaniels.create_users, tags: "user", become: yes } - - { role: nickjj.ansible-user, tag: "ansible", become: yes } + - { role: robertdebock.bootstrap, + tags: "bootstrap" + } + - { role: ryandaniels.create_users, + tags: "user", + become: yes + } + - { role: nickjj.ansible-user, + tag: "ansible", + become: yes, + ansible_password: "{{ lookup('keepass', 'linux_mg_user_password_cleartext', 'password') }}", + ansible_become_password: "{{ lookup('keepass', 'linux_mg_user_password_cleartext', 'password') }}" + } + tasks: + - name: Change user password + user: + name: mg + update_password: always + password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}" vars: ### nickjj.ansible-users diff --git a/playbooks/on-off/set_password_mg.yml b/playbooks/on-off/set_password_mg.yml new file mode 100644 index 00000000..852c8cd4 --- /dev/null +++ b/playbooks/on-off/set_password_mg.yml @@ -0,0 +1,14 @@ +--- +- hosts: all + become: yes + tasks: + - name: Change user password + user: + name: mg + update_password: always + password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}" #hier muss der hash rein + +# Hash erstellen +# python -c 'import crypt,getpass; print(getpass.getpass("Name: ")+":"+crypt.crypt(getpass.getpass(),crypt.mksalt(crypt.METHOD_SHA512)))' +# oder +# mkpasswd --method=SHA-512
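Review bot: The added `Change user password` task has no `become: yes`, while every role entry above it sets `become` explicitly, so unless the play header (outside this hunk) enables privilege escalation the `user` module will not be able to write the hash. Ansible also runs `roles:` before `tasks:`, so `nickjj.ansible-user` uses the cleartext `ansible_become_password` before this task has forced the matching hash onto hosts where `mg` already existed; moving the task to `pre_tasks:` may avoid a failed sudo there. Separately, `tag: "ansible"` on that role is carried over from the old line and is passed as a role variable rather than a tag; it should read `tags: "ansible"`.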
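Review bot: The hash-generation hint in the trailing comment of set_password_mg.yml relies on Python's `crypt` module, which is deprecated since Python 3.11 and removed in 3.13, so that one-liner will stop working on current interpreters. I would lead with the prompt-based `mkpasswd --method=SHA-512` (or `openssl passwd -6`) and write the comments in English, e.g. `# must be a crypt(3) SHA-512 hash, not the cleartext password` on its own line above `password:`. Since the play targets `hosts: all` with `update_password: always`, a short header comment saying it is meant to be run with `--limit` would also help, if that is the intent.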