diff --git a/system/ansible/store_password.md b/system/ansible/store_password.md new file mode 100644 index 0000000..453f5b9 --- /dev/null +++ b/system/ansible/store_password.md 
@@ -0,0 +1,75 @@ +--- +title: "Store Host Password" +tags: [ "system", "ansible" ] +--- + +Make a hosts file with one host (your computer) and one variable, just to test: + +```sh +hosts_file=hosts +fort="$(fortune -s | head -1)" +cowvar=cowsays + +echo "[cows] +$HOSTNAME $cowvar='${fort}'" > "${hosts_file}" +``` + +Now ansible should be able to show that '${cowvar}' in a debug message: + +```sh +ansible -i "$hosts_file" -m debug -a "msg='{{ ${cowvar} }}'" $HOSTNAME +``` + +Now to convert the hosts file to yaml, because it's very fashionable: + + +```sh +yaml_hosts=hosts.yaml +ansible-inventory -i ${hosts_file} --list -y | tee "${yaml_hosts}" +``` + +Now you should see where the `cowsays` variable goes. +You can safely place your `sudo` password next to that variable goes with `ansible-vault`, which will encrypt just that string. + +```sh +pass="your password" +ansible-vault encrypt_string --name='ansible_sudo_pass' "${pass}" +``` + +If that works, you can add the password, but in `yaml` format. +You can do this manually, or use `gawk` to add ten spaces in front of the lines: + +```sh +pass="your password" +ansible-vault encrypt_string --name='ansible_sudo_pass' "${pass}" | awk '{print " " $0}' >> "${yaml_hosts}" +``` + +Now to check that the inventory file works okay: + +```sh +ansible-inventory -i ${yaml_hosts} --list -y +ansible -i "$hosts_file" -m debug -a "msg='{{ ${cowvar} }}'" $HOSTNAME +``` + +If that works, you can echo the debug message while becoming root. +Just add the `-J` flag so it will ask for the password: + +```sh +ansible -i "${yaml_hosts}" -m debug -a "msg='{{ ${cowvar} }}'" $HOSTNAME --become -J +ansible -i "${yaml_hosts}" -m debug -a "msg={{ ansible_sudo_pass }}" $HOSTNAME --become -J +``` + +Now you can update using Ansible. 
+ +For Arch Linux: + +```sh +ansible -i "${yaml_hosts}" -m community.general.pacman -a 'upgrade=true update_cache=true' $HOSTNAME --become -J +``` + +For Debian: + +```sh +ansible -i "${yaml_hosts}" -m ansible.builtin.apt -a 'upgrade=full' $HOSTNAME --become -J +``` +
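Review bot: In both `ansible-vault encrypt_string` steps, `pass="your password"` followed by `"${pass}"` as an argument puts the plaintext sudo password in shell history and in the process argument list, where it can be visible to other local users. Suggest dropping the `pass=` variable and letting ansible-vault read the secret itself, for example `ansible-vault encrypt_string --stdin-name 'ansible_sudo_pass'`. In the `--become -J` step, the second command (`-a "msg={{ ansible_sudo_pass }}"`) prints the decrypted password to the terminal; either remove it or say explicitly that it is a one-off check whose output should not end up in logs or scrollback. It would also help to state that `-J` prompts for the vault password, since "the password" could be read as the sudo password. Smaller points: under "check that the inventory file works okay" the second command still uses `-i "$hosts_file"`, so it exercises the INI inventory rather than `"${yaml_hosts}"`; the prose says `gawk` but the command runs `awk`; and "next to that variable goes with" has a stray "goes".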