There are a few places you'll want to set/change passwords:


  • vault_mysql_root_password
  • vault_users.*.password
  • vault_wordpress_sites.*.env.db_password


  • vault_wordpress_sites.admin_password


  • vault_mail_password

For staging/production environments, it's best to randomly generate longer passwords using something like

You may be concerned about setting plaintext passwords in a Git repository, and you should be. We strongly recommend you encrypt these passwords before committing them to your repo. Trellis is structured to make it easy to enable Ansible Vault to encrypt select files. Alternatively, you could try an option such as git-crypt.

Note: Any type of server configs such as this playbook should always be in a private Git repository.

Join over 6,000 subscribers on our newsletter to get the latest Roots updates, along with occasional tips on building better WordPress sites.

Looking for WordPress plugin recommendations, the newest modern WordPress projects, and general web development tips and articles?

“Easily the best WordPress email I get.” Colin OBrien

Follow us on Twitter @rootswp

Ready to checkout?