diff --git a/ansible/playbooks/vars/common.yml b/ansible/playbooks/vars/common.yml
index 98fd358..b73c759 100644
--- a/ansible/playbooks/vars/common.yml
+++ b/ansible/playbooks/vars/common.yml
@@ -6,4 +6,4 @@ rocky_ldap_account_basedn: "cn=accounts,dc=rockylinux,dc=org"
 # Requires jinja 2.9+
 rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
 # This will need to be vaulted
-# rocky_ldap_bind_pw: "ThisIsNotThePassword!"
+rocky_ldap_bind_pw: "{{ ipa_binder_password }}"
diff --git a/ansible/playbooks/vars/gitlab.yml b/ansible/playbooks/vars/gitlab.yml
index 31a0718..2529b2f 100644
--- a/ansible/playbooks/vars/gitlab.yml
+++ b/ansible/playbooks/vars/gitlab.yml
@@ -63,7 +63,7 @@ gitlab_nginx_listen_https: "false"
 
 gitlab_default_theme: 2
 
-gitlab_external_db: false
+gitlab_external_db: true
 gitlab_external_db_host: db.rockylinux.org
 gitlab_external_db_user: gitlab
-gitlab_external_db_password: gitlab
+gitlab_external_db_password: "{{ gitlab_db_pass }}"
diff --git a/ansible/playbooks/vars/vaults/encpass.yml b/ansible/playbooks/vars/vaults/encpass.yml
index 6d7cd0f..be2f325 100644
--- a/ansible/playbooks/vars/vaults/encpass.yml
+++ b/ansible/playbooks/vars/vaults/encpass.yml
@@ -22,3 +22,6 @@ koji_db_pass: !vault |
 pubsub_federation_pass: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           REDACTED
+gitlab_db_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          REDACTED