diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index a3b520e..09eb721 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -7,6 +7,7 @@ dns_axfr_ips:
 - 2001:470:600::2
 
 dss_domain: dss.binary-kitchen.de
+dss_secret: "{{ vault_dss_secret }}"
 
 gogs_domain: git.binary-kitchen.de
 gogs_dbname: gogs
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index 694569f..c4bdb34 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@@ -1,23 +1,25 @@
 $ANSIBLE_VAULT;1.1;AES256
-64353739333035313065616635646335313732653764326464323735613839326264633132316663
-3961633033373735373939326362386266376464353433390a323639313536363838303831303465
-61633562353666393136303830346536303436643334366432303539393065323537333836613461
-6563343335643164660a316262336262623239373863613562303531393734323430323730653066
-61383161616532623435643966626461656662323039326332346139623439626663353433386566
-61366264613036316638653263616238663635376366643164373366343961373761376161366530
-61643931623532363666326261646462356662306664633564616630303531643536316235386234
-33643538323338303230373564393863306366656331363564333263393435666265623665333935
-37373631633463376431636161336162376439386238643461663164666232326434333666326538
-32343464636465626664363934643461313066653261636234663939333032343966366533383966
-64663866333232656339303230356266633861393636616330663531363565653363653739356662
-31343764386661613230643630333961353063333531376566623335643733333239336462353434
-30346665623036353764376431336337303762373465393765396133646636336163646163373332
-64626637386164326264646438393137613336333832336636663634393637386539303830336637
-30353037363037383665643364303462663034363663323165393061626637616364393161323766
-31366632613931663565613534346139353338313130343435663133393461616362656330353637
-30386232396265323362356633303736656230656539616666386330363361613665666563373331
-33626132303536336562366537336566343836303338303638626161643235363032343262383639
-39393033666162313466323839353233343963653565376337383532303463386461393932613933
-65633030303939366630323931646337333831323863323865306135323163313235623834636139
-33376233346537626165373337303338323666393834303363633237646163663461356434323432
-3963373937616632356532396666333436356363616234306238
+37623461646334336463353434343836326161626164393862386461646664383165646661626266
+3732623932366265396465376633613563386535663732630a393336623331306434326438383636
+61313032623264376131366162303831663066616236653439323737663938366462323039613162
+3535356231333131610a613466633666323762646630663461353135303934303231363938653338
+33653466333738373461396432303765313935396439366566303338313938616632363266343738
+33346538333531326636653236663062326435343164333839656663383466646364333637313565
+30393561383236353833316563336435363835363661616561353734623464333365393639633935
+31356339313133393634383938306536643932616131363834653461616635323330366534356530
+66373636373662616239376566396164323863383134613135623263326431353463616337363561
+39376431623330373036653534356339663665373766306433366164613430313032336636653331
+31353165353131616634303138363064333066393566663039393165363866363262386136646661
+64653332623436303666613063346534323037646462373663613436666362366266303463373931
+38306664643338623566626339666433636638383032353161383431623963336263363431363333
+35353166353630323534336162333432326639623961323364396666393431393435643937303434
+36343534626230396130303735343061343661666161663434383862613637636138346630386238
+34656666383363333139333539363535633637333764343866643061346434313265343466656238
+32626665343065376635633266333835386661343333616535376162623734623863323633623939
+31383830306163373565326531623838656266316663393863633738383961646466396631343933
+36316437316463326633326338366365663564646663306431303530313939336630653539363833
+37373232306338636634383062616231306261383939316132366533663334353038333539663330
+30303764383138616633313662393661316332646135666566633939623233373737303964363636
+36306230656362383763666562396666313933643339656665656266653861386435313231623331
+61373433313237303764643362363336623635316364653139383261616366376430643330656131
+66616661613866613064
diff --git a/roles/bk-dss/defaults/main.yml b/roles/bk-dss/defaults/main.yml
index 1e4b52a..43f43da 100644
--- a/roles/bk-dss/defaults/main.yml
+++ b/roles/bk-dss/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
 
 dss_uwsgi_port: 5001
+dss_version: 0.8.0
diff --git a/roles/bk-dss/tasks/main.yml b/roles/bk-dss/tasks/main.yml
index ce70653..c0ada80 100644
--- a/roles/bk-dss/tasks/main.yml
+++ b/roles/bk-dss/tasks/main.yml
@@ -14,7 +14,7 @@
   - uwsgi-plugin-python3
 
 - name: Install bk-dss
-  git: repo=https://git.binary-kitchen.de/moepman/bk-dss.git dest=/opt/bk-dss depth=1 version=9e0275eef219d514a30e9725778c94821a4c4fbf
+  git: repo=https://git.binary-kitchen.de/moepman/bk-dss.git dest=/opt/bk-dss depth=1 version={{ dss_version }}
 
 - name: Configure bk-dss
   template: src=config.cfg.j2 dest=/opt/bk-dss/config.cfg
diff --git a/roles/bk-dss/templates/config.cfg.j2 b/roles/bk-dss/templates/config.cfg.j2
index d800f4e..a29afa9 100644
--- a/roles/bk-dss/templates/config.cfg.j2
+++ b/roles/bk-dss/templates/config.cfg.j2
@@ -1,8 +1,8 @@
 DEBUG = True
-SECRET_KEY = "CHANGE!ME"
+SECRET_KEY = "{{ dss_secret }}"
 SESSION_TIMEOUT = 3600
 
-LDAP_CA = "/etc/ldap/ssl/BKCA.crt"
+LDAP_CA = "/usr/local/share/ca-certificates/BKCA.crt"
 LDAP_URI = "ldaps://{{ ldap_host }}"
 LDAP_BASE = "{{ ldap_base }}"