---
  - name: ensure group exists
    become: true
    ansible.builtin.group:
      name: "{{ sealed_secrets_user_group }}"
      state: present
    when:
      - sealed_secrets_user_group is defined

  - name: ensure user exists
    become: true
    ansible.builtin.user:
      name: "{{ sealed_secrets_user }}"
      group: "{{ sealed_secrets_user_group }}"
      create_home: no
    when:
      - sealed_secrets_user_group is defined
      - sealed_secrets_user is defined