diff --git a/roles/containers/defaults/main.yml b/roles/containers/defaults/main.yml
index 62b82d6..262e255 100644
--- a/roles/containers/defaults/main.yml
+++ b/roles/containers/defaults/main.yml
@@ -21,9 +21,9 @@ wanda_postgres_db: wandadb
 rabbitmq_username: trento
 rabbitmq_host: host.docker.internal
 rabbitmq_vhost: "trento"
-secret_key_base: "{{ lookup('community.general.random_string', base64=True, length=64) }}"
-access_token_secret: "{{ lookup('community.general.random_string', base64=True, length=64) }}"
-refresh_token_secret: "{{ lookup('community.general.random_string', base64=True, length=64) }}"
+secret_key_base: ""
+access_token_secret: ""
+refresh_token_secret: ""
 web_admin_username: admin
 enable_api_key: "true"
 enable_charts: "true"
diff --git a/roles/containers/tasks/main.yml b/roles/containers/tasks/main.yml
index 2bd5ff8..5454139 100644
--- a/roles/containers/tasks/main.yml
+++ b/roles/containers/tasks/main.yml
@@ -1,5 +1,15 @@
 # code: language=ansible
 ---
+- name: Create secrets
+  no_log: true
+  ansible.builtin.set_fact: # noqa: var-naming[no-jinja]
+    "{{ item }}": "{{ lookup('community.general.random_string', base64=True, length=64) }}"
+  when: lookup('vars', item) == ""
+  loop:
+    - secret_key_base
+    - access_token_secret
+    - refresh_token_secret
+
 - name: Install docker python management deps
   ansible.builtin.pip:
     name: