diff --git a/roles/connect_realm/defaults/main.yml b/roles/connect_realm/defaults/main.yml
index 095db68..2bea3ce 100644
--- a/roles/connect_realm/defaults/main.yml
+++ b/roles/connect_realm/defaults/main.yml
@@ -2,10 +2,10 @@
 # TODO inject by management portal
 connect_client_admin_username: "connect-admin"
-connect_client_admin_password: "connect-admin"
+connect_client_admin_password: "C0nnect-Admin!"
 # TODO inject by management portal
 connect_realm_admin_username: "connect-realm-admin"
-connect_realm_admin_password: "connect-realm-admin"
+connect_realm_admin_password: "C0nnect-Realm-Admin!"
 current_realm_clients: [ {
diff --git a/roles/gitea_realm/tasks/main.yml b/roles/gitea_realm/tasks/main.yml
index 795609f..1091c13 100644
--- a/roles/gitea_realm/tasks/main.yml
+++ b/roles/gitea_realm/tasks/main.yml
@@ -11,6 +11,8 @@
 include_role:
 name: keycloak
 tasks_from: _configure_realm
+ vars:
+ current_realm_password_policy: ''
 - name: "Create realm users"
 include_role:
diff --git a/roles/harbor_realm/tasks/main.yml b/roles/harbor_realm/tasks/main.yml
index a17fd68..8a09695 100644
--- a/roles/harbor_realm/tasks/main.yml
+++ b/roles/harbor_realm/tasks/main.yml
@@ -9,6 +9,8 @@
 include_role:
 name: keycloak
 tasks_from: _configure_realm
+ vars:
+ current_realm_password_policy: ''
 - name: "Create realm users"
 include_role:
@@ -36,4 +38,4 @@
 destination_group: '{{ item.destination_group }}'
 loop: "{{ current_user_groupmembership }}"
 loop_control:
- label: "{{ item.username }} >> {{ item.destination_group }}"
\ No newline at end of file
+ label: "{{ item.username }} >> {{ item.destination_group }}"
diff --git a/roles/keycloak/tasks/_configure_realm.yml b/roles/keycloak/tasks/_configure_realm.yml
index 71d5886..ba2aafe 100644
--- a/roles/keycloak/tasks/_configure_realm.yml
+++ b/roles/keycloak/tasks/_configure_realm.yml
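Review bot: Both admin passwords in `roles/connect_realm/defaults/main.yml` are still literal values committed to the repository; the new strings satisfy the realm policy introduced in this commit but are plainly derived from the usernames. Any deployment that does not override these role defaults ends up with administrator credentials known to everyone with read access to the repository. Until the portal injection named in the TODO exists, the defaults could reference a vaulted variable instead, e.g. `connect_client_admin_password: "{{ vault_connect_client_admin_password }}"` (placeholder variable name), so that a run without a supplied secret fails rather than falling back to a known value. The same applies to `connect_realm_admin_password`.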
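Review bot: The added `current_realm_password_policy: ''` in `roles/gitea_realm/tasks/main.yml` switches the new password policy off for this realm without saying why, and the same override is repeated in the harbor_realm, kubernetes/argocd and workflow_proxy_realm hunks. The opt-out works only because Jinja's `default()` leaves a defined empty string untouched, so a later switch to `default(..., true)` in `_configure_realm.yml` would silently change what all four realms enforce. A comment above each override would make the intent reviewable, e.g. `# Password policy intentionally empty: <reason, e.g. no local password logins in this realm>`. If any of these realms does hold local password accounts, an explicit reduced policy string would be safer than an empty one. The enclosing task starts outside the hunk.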
@@ -19,6 +19,7 @@
 duplicate_emails_allowed: yes
 internationalization_enabled: yes
 default_locale: "de"
+ password_policy: "{{ current_realm_password_policy | default('forceExpiredPasswordChange(60) and passwordHistory(3) and length(8) and notUsername(undefined) and upperCase(2) and lowerCase(2) and specialChars(2) and digits(1)') }}"
 supported_locales:
 - "de"
 - "en"
diff --git a/roles/kubernetes/argocd/tasks/main.yml b/roles/kubernetes/argocd/tasks/main.yml
index 288abcf..b212152 100644
--- a/roles/kubernetes/argocd/tasks/main.yml
+++ b/roles/kubernetes/argocd/tasks/main.yml
@@ -18,6 +18,7 @@
 current_realm_name: '{{ argo_realm_name }}'
 current_realm_display_name: '{{ argo_realm_display_name }}'
 create_client: False
+ current_realm_password_policy: ''
 when:
 - inventory_hostname == groups['kube_control_plane'][0]
 args:
diff --git a/roles/workflow_proxy_realm/tasks/main.yml b/roles/workflow_proxy_realm/tasks/main.yml
index 795609f..1091c13 100644
--- a/roles/workflow_proxy_realm/tasks/main.yml
+++ b/roles/workflow_proxy_realm/tasks/main.yml
@@ -11,6 +11,8 @@
 include_role:
 name: keycloak
 tasks_from: _configure_realm
+ vars:
+ current_realm_password_policy: ''
 - name: "Create realm users"
 include_role:
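Review bot: The fallback policy on the added `password_policy` line in `roles/keycloak/tasks/_configure_realm.yml` pairs `length(8)` with `forceExpiredPasswordChange(60)`, which is a short minimum for realms that hold administrator accounts. The expiry will also apply to accounts this playbook provisions with fixed passwords (for example `connect-admin`, if that realm is configured through this task), so non-interactive logins may start failing after 60 days. A longer minimum such as `length(12)` is worth considering, with expiry relaxed for service accounts. The literal would also be easier to audit and override as a `current_realm_password_policy` entry in the keycloak role's `defaults/main.yml` than inside `default(...)`. The task this line belongs to starts and ends outside the hunk.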