diff --git a/.ansible/roles/lockdown/defaults/main.yml b/.ansible/roles/lockdown/defaults/main.yml
index a09ebc6..7be22b0 100644
--- a/.ansible/roles/lockdown/defaults/main.yml
+++ b/.ansible/roles/lockdown/defaults/main.yml
@@ -2,14 +2,11 @@
 ---
 # defaults file for lockdown
 files_mode: no
-# create_groups:
-#   - group_name: "ftp"
 create_users:
   - username: "{{ hostvars[inventory_hostname]['passwords'][0].username }}"
     password: "{{ hostvars[inventory_hostname]['passwords'][0].password }}"
-    # ssh_authorize: yes
-# web_users:
-#   - caddy
-#   - www-data
 ssh_pubkey_filename_pattern: '.*\.pub'
 include_root_lock: yes
+gpg_private_keys_origin_host: localhost
+gpg_origin_private_keyids: [] # @NOTE list of gpg key ids from origin or source server
+gpg_origin_private_key_passwords: "{{ vaulted_gpg_origin_private_key_passwords }}" # @NOTE list of gpg key passwords from origin or source server