diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index cdf7649..a1809cb 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,7 +1,7 @@
 [defaults]
 roles_path=~/.ansible/roles:roles:/usr/share/ansible/roles:/etc/ansible/roles
 inventory=inventory
-#vault_password_file=util/secret-service-client.sh
+vault_password_file=util/secret-service-client.sh
 interpreter_python=/usr/bin/python3
 [diff]
diff --git a/ansible/inventory/host_vars/thecloud.yml b/ansible/inventory/host_vars/thecloud.yml
index c2a4b39..04c7e52 100644
--- a/ansible/inventory/host_vars/thecloud.yml
+++ b/ansible/inventory/host_vars/thecloud.yml
@@ -5,3 +5,15 @@ apt_install_packages:
 - qemu-guest-agent
 nfs_exports: []
+
+redis_bind_interface: 0.0.0.0
+redis_requirepass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37323965303638333264653936616563323235363463396330363836653865393835346263383838
+ 3030386166316365633538353539623066626434313332390a616131303434373264633934356361
+ 30356335643638656433326230363462373533396533366261346630353163353137333865303132
+ 3536636165366631310a643538353331366130663464386565343331653031333061333330613532
+ 34663932653734336239303536323331396435386332666133343033373566386562326136656330
+ 63393766353063646361643565323238376334333637363232626139333664643065613237666532
+ 31623032613763303136353232323837376637336431306534306336356165363039666634336433
+ 30376464323862373833
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index 866196a..1a676d7 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -4,3 +4,5 @@
 - name: cloudinit_wait
 src: https://git.kun.is/pim/ansible-role-cloudinit-wait
 scm: git
+- name: redis
+ src: https://github.com/geerlingguy/ansible-role-redis
diff --git a/ansible/thecloud.yml b/ansible/thecloud.yml
index f019457..2b7a0d8 100644
--- a/ansible/thecloud.yml
+++ b/ansible/thecloud.yml
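Review bot: `redis_bind_interface: 0.0.0.0` in ansible/inventory/host_vars/thecloud.yml makes Redis listen on every interface of the host, so the vaulted `redis_requirepass` becomes the only barrier between the network and the data. Redis AUTH travels in cleartext unless TLS is configured, and a single shared password is a weak sole control for a service that answers authentication attempts very quickly. If only specific clients need access, bind to the address they actually reach, e.g. `redis_bind_interface: "<internal-interface-ip>"` (placeholder), and restrict the Redis port with a host firewall rule. No firewall configuration is visible in this diff, so confirm one exists before this is applied.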
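Review bot: The new `redis` entry in ansible/requirements.yml has no `version:`, so each `ansible-galaxy` install pulls whatever the upstream default branch holds at that moment, and that code then runs with the privileges of the play. Pin it to a reviewed tag or commit with `version: <reviewed-tag-or-commit>` (placeholder) so role updates become a deliberate, reviewable change. Adding `scm: git` as the `cloudinit_wait` entry above it does would also keep the two entries declared the same way.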
@@ -8,9 +8,17 @@
 - name: Setup NFS
 hosts: thecloud
+ pre_tasks:
+ - name: Symlink redis data directory
+ file:
+ src: /mnt/data/redis
+ dest: /var/lib/redis
+ state: link
+
 roles:
 - {role: apt, tags: apt}
 - {role: postgresql, tags: postgresql}
+ - {role: redis, tags: redis}
 post_tasks:
 - name: Ensure NFS exports directory exists
diff --git a/ansible/util/secret-service-client.sh b/ansible/util/secret-service-client.sh
new file mode 100755
index 0000000..b4c9bb5
--- /dev/null
+++ b/ansible/util/secret-service-client.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+pass=`secret-tool lookup ansible_vault shoarma`
+retval=$?
+
+if [ $retval -ne 0 ]; then
+ read -s pass
+fi
+echo $pass
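Review bot: The `Symlink redis data directory` pre_task in ansible/thecloud.yml links `/var/lib/redis` to `/mnt/data/redis`, but nothing visible in the hunk creates that target or sets its owner and mode, so the permissions on the Redis data files depend on whatever `/mnt/data` already has. Because this play also manages NFS exports, confirm that `/mnt/data/redis` is not under an exported path and is readable only by the Redis service account; otherwise the on-disk dump is reachable without `redis_requirepass`. The task will also likely fail on a host where `/var/lib/redis` already exists as a directory, since `state: link` is used without `force`; a comment such as `# /var/lib/redis must not exist yet; data lives on /mnt/data` would record that assumption. The play continues outside the hunk.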
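Review bot: `echo $pass` on the last line of ansible/util/secret-service-client.sh expands the vault password unquoted, so a password containing runs of whitespace or glob characters is altered before Ansible reads it, and `echo` may treat a leading `-n` or `-e` as an option; use `printf '%s\n' "$pass"` instead. The fallback `read -s pass` strips backslashes and surrounding whitespace, which `IFS= read -rs pass` avoids. When `secret-tool` fails and stdin is not a terminal, the script still prints an empty line and exits 0, so `IFS= read -rs pass || exit 1` would give Ansible a clear failure instead of an empty vault password.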