diff --git a/.gitignore b/.gitignore index 0047684..2930c68 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ +# passwords +.env.yml + # ---> Ansible *.retry @@ -14,8 +17,8 @@ crash.log crash.*.log # Exclude all .tfvars files, which are likely to contain sensitive data, such as -# password, private keys, and other secrets. These should not be part of version -# control as they are data points which are potentially sensitive and subject +# password, private keys, and other secrets. These should not be part of version +# control as they are data points which are potentially sensitive and subject # to change depending on the environment. *.tfvars *.tfvars.json @@ -39,4 +42,3 @@ override.tf.json # Ignore CLI configuration files .terraformrc terraform.rc - diff --git a/README.md b/README.md index c2ea54d..200a251 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,11 @@ Teniamo libero il 10.10.0.21 per il povero container che sta venendo abbattuto e `ansible-galaxy collection install -r requirements.yml` +In più, bisogna creare un file `.env.yml` nella root del progetto con questo template +` +PROXMOX_PASSWORD: "segretissima0" +XMPP_PASSWORD: "segretissima1" +` ### Per dare vita al container e alla configurazione di Prosody #### _mado quanto è swag sta cosa_ diff --git a/group_vars/all.yml b/group_vars/all.yml index d72d304..b721fd3 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,4 +1,3 @@ # Variabili per la creazione del container -root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}" +# root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}" #dovrebbe essere nel file .env ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}" - diff --git a/group_vars/proxmox_nodes.yml b/group_vars/proxmox_nodes.yml index 2f60dae..89b413b 100644 --- a/group_vars/proxmox_nodes.yml +++ b/group_vars/proxmox_nodes.yml 
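Review bot: In group_vars/all.yml the `root_password` line is commented out rather than deleted, and its trailing note `#dovrebbe essere nel file .env` names `.env`, not the `.env.yml` that the playbooks load. A commented-out lookup leaves the old variable name in the tree, where it reads like a live setting. I would delete the line and, if a pointer is wanted, keep a single comment such as `# root password: XMPP_PASSWORD in .env.yml (see README)`. The same pattern appears in group_vars/proxmox_nodes.yml, playbooks/create_lxc.yml and roles/prosody/defaults/main.yml.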
@@ -1,3 +1,3 @@ proxmox_host: 192.168.1.100:8006 proxmox_user: root@pam -proxmox_password: "{{ lookup('env', 'PROXMOX_PASSWORD') }}" +# proxmox_password: "{{ lookup('env', 'PROXMOX_PASSWORD') }}" #dovrebbe essere nel file .env diff --git a/playbooks/configure_lxc.yml b/playbooks/configure_lxc.yml index 622e5ee..7578ba3 100644 --- a/playbooks/configure_lxc.yml +++ b/playbooks/configure_lxc.yml @@ -1,9 +1,13 @@ - name: Configura container LXC hosts: lxc_containers + gather_facts: false + become: true + + vars_files: + - ../.env.yml + vars: ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}" - gather_facts: false - become: yes tasks: - name: Wait until SSH is fully ready (Ansible login confirms availability) diff --git a/playbooks/configure_prosody.yml b/playbooks/configure_prosody.yml index 52764b3..6c224ee 100644 --- a/playbooks/configure_prosody.yml +++ b/playbooks/configure_prosody.yml @@ -1,4 +1,6 @@ - name: Configura Prosody (xmpp) sul container hosts: lxc_containers + vars_files: + - ../.env.yml roles: - prosody diff --git a/playbooks/create_lxc.yml b/playbooks/create_lxc.yml index 2a3efff..25ba4cd 100644 --- a/playbooks/create_lxc.yml +++ b/playbooks/create_lxc.yml @@ -1,8 +1,12 @@ - name: Crea container lxc per prosody (xmpp) hosts: proxmox_nodes gather_facts: false + + vars_files: + - ../.env.yml + vars: - root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}" + # root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}" #dovrebbe essere nel file .env ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}" vmid: 121 @@ -11,7 +15,7 @@ community.general.proxmox: api_host: "{{ proxmox_url }}" api_user: "{{ proxmox_user }}" - api_password: "{{ proxmox_password }}" + api_password: "{{ PROXMOX_PASSWORD }}" vmid: "{{ vmid }}" node: milan hostname: xmpp 
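Review bot: In group_vars/proxmox_nodes.yml the API login stays `root@pam` with the account password; this hunk moves the secret to `.env.yml` but does not narrow what it can do. The `community.general.proxmox` module also accepts `api_token_id` and `api_token_secret`. A token for a dedicated user, holding only the privileges needed to create and start the container, would limit what a leaked `.env.yml` gives away.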
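Review bot: In playbooks/configure_lxc.yml, `vars_files: - ../.env.yml` loads a cleartext file holding both passwords into a play that targets `lxc_containers`, and nothing visible in this play uses `PROXMOX_PASSWORD`. The .gitignore entry keeps the file out of the repository, but it still sits unencrypted in every working copy. Encrypting it with `ansible-vault encrypt .env.yml` keeps the same `vars_files` line working while protecting the secrets at rest. Splitting hypervisor and container secrets into separate files would let each play load only what it needs. The same applies to the `vars_files` additions in playbooks/configure_prosody.yml and playbooks/create_lxc.yml; the play body continues outside the hunk.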
@@ -22,7 +26,7 @@ netif: net0: "name=eth0,bridge=vmbr1,ip=10.10.0.21/16,gw=10.10.0.1" pubkey: "{{ ssh_public_key }}" - password: "{{ root_password }}" + password: "{{ XMPP_PASSWORD }}" features: "nesting=1" state: present delegate_to: localhost @@ -32,7 +36,7 @@ community.general.proxmox: api_host: "{{ proxmox_url }}" api_user: "{{ proxmox_user }}" - api_password: "{{ proxmox_password }}" + api_password: "{{ PROXMOX_PASSWORD }}" vmid: "{{ vmid }}" node: milan state: started # Tutto questo blocco è riassumibile in questa riga diff --git a/roles/prosody/defaults/main.yml b/roles/prosody/defaults/main.yml index d4bf488..d484ae4 100644 --- a/roles/prosody/defaults/main.yml +++ b/roles/prosody/defaults/main.yml @@ -1,4 +1,4 @@ prosody_domain: "xmpp.hackinpovo.it" prosody_admin: "admin@{{ prosody_domain }}" prosody_package: prosody -xmpp_admin_password: "{{ lookup('env', 'XMPP_ADMIN_PASSWORD') }}" +# xmpp_admin_password: "{{ lookup('env', 'XMPP_PASSWORD') }}" # Dovrebbe essere nel file .env.yml diff --git a/roles/prosody/tasks/main.yml b/roles/prosody/tasks/main.yml index a1f8a64..a7857f2 100644 --- a/roles/prosody/tasks/main.yml +++ b/roles/prosody/tasks/main.yml @@ -19,10 +19,9 @@ state: started enabled: yes -- name: Create XMPP admin user - ansible.builtin.expect: - command: prosodyctl adduser admin@{{ xmpp_domain }} - responses: - "Enter new password:": "{{ xmpp_admin_password }}" - "Retype new password:": "{{ xmpp_admin_password }}" - become: yes +- name: Create XMPP admin user non-interactively + ansible.builtin.command: + cmd: prosodyctl register admin {{ prosody_domain }} {{ XMPP_PASSWORD }} + args: + creates: "/var/lib/prosody/{{ prosody_domain }}/accounts/admin.dat" + become: yes
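Review bot: In playbooks/create_lxc.yml, `password: "{{ XMPP_PASSWORD }}"` sets the container's root password to the same secret that roles/prosody/tasks/main.yml now registers as the XMPP admin password. The removed role default read a separate `XMPP_ADMIN_PASSWORD`, so this commit merges two credentials into one. Anyone who learns the admin account's password then also holds root on the container. A distinct entry in `.env.yml`, for example `XMPP_ADMIN_PASSWORD`, consumed by the role would keep the two independent. The task body starts outside this hunk.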
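Review bot: In roles/prosody/tasks/main.yml the new `cmd:` line puts `{{ XMPP_PASSWORD }}` into the argument list of `prosodyctl register`, so the secret is visible in the container's process list while the task runs and appears in the task result's `cmd` field on failure or with `-v`. At minimum add `no_log: true` to the task; supplying the password through a prompt, as the removed `ansible.builtin.expect` task did, would also keep it out of argv. The unquoted template is split on whitespace by the command module, so a password containing a space or quote would be mis-parsed; `argv:` with one list item per argument avoids that. Separately, the `creates:` path assumes Prosody names the host directory after the literal domain. If the storage backend encodes the dots, the file will never match and the task will re-run on every play, so confirm the path on the container.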