diff --git a/deploy.yml b/deploy.yml
index e2c141a..2bba461 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -154,12 +154,15 @@
     - snitch
     - suricata
   become: true
+  tags: lbu
   post_tasks:
     - name: lbu commit
       # I use the shell module instead of the lbu one because the lbu module
       # doesn't seem to work with encryption
       shell:
         cmd: lbu commit
+      environment:
+        PASSWORD: '{{ lbu_password }}'
       when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]
 
 - name: mount ro
diff --git a/host_vars/suricata/main.yml b/host_vars/suricata/main.yml
index 304a7df..97873c1 100644
--- a/host_vars/suricata/main.yml
+++ b/host_vars/suricata/main.yml
@@ -1,8 +1,9 @@
 ---
+
 lbu_password: !vault |
           $ANSIBLE_VAULT;1.1;AES256
-          38393166366336363734333231633439656233616534303566353830396537346161656162353635
-          3735383436396566336430626439653331396434346232650a373830646233303061313139373834
-          39626462666363613430653932313866363037333166653839383332323035653231303634343830
-          3933313132393734660a336263323931326466643162343430623339313661393665336261313937
-          34386134643736623534363538343439656262616436306130363033363735396261
+          36313834643636363130326335656562343535663138363430343063333466656163646339396338
+          3432336466323663623465316439613264336636343233350a363831326666646663343230616364
+          39643666313166623336316139316133303534363030303238386236653133656233373064633431
+          3364336538633635640a623531336236643466643964303232643833636539303066303738356637
+          61653435613830633038363461373164373765373764313739623066313834306362