diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
index 4dd6cc8..afb3198 100644
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@@ -6,6 +6,8 @@ on: # yamllint disable-line rule:truthy
 tags_ignore:
 - '*'
 pull_request:
+ schedule:
+ - cron: '0 0 1 */3 *'

 jobs:
 setup:
diff --git a/README.md b/README.md
index 64158db..c00f4e0 100644
--- a/README.md
+++ b/README.md
@@ -92,6 +92,7 @@ See [tasks/install.yml](tasks/install.yml).
 id_rsa:
 public: 'ssh-rsa '
 private: "{{ lookup('community.hashi_vault.hashi_vault', 'secret/ssh:private_key') }}"
+ update_password: "on_create" # default is always
 ```

 ## :closed_lock_with_key: [Hardening](HARDENING.md)
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 3f2cc09..82697d1 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -1,8 +1,9 @@
 ---
 dependency:
 name: shell
- command: python3 -m pip install pytest-testinfra
-
+ command: |
+ pip install requests pytest-testinfra &&
+ ansible-galaxy collection install community.crypto community.general
 driver:
 name: docker

@@ -27,6 +28,9 @@ provisioner:
 name: ansible
 env:
 ANSIBLE_FORCE_COLOR: "true"
+ ANSIBLE_LOAD_CALLBACK_PLUGINS: "true"
+ ANSIBLE_CALLBACKS_ENABLED: "ansible.posix.profile_tasks"
+ ANSIBLE_STDOUT_CALLBACK: "ansible.posix.debug"
 options:
 v: true

diff --git a/tasks/create_users.yml b/tasks/create_users.yml
index 836dfd4..e242bfb 100644
--- a/tasks/create_users.yml
+++ b/tasks/create_users.yml
@@ -15,3 +15,4 @@
 uid: "{{ item.value.uid | default(omit) }}"
 group: "{{ item.value.group | default(omit) }}"
 groups: "{{ item.value.groups | default(omit) }}"
+ update_password: "{{ item.value.update_password | default(omit) }}"
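Review bot: The new `schedule` trigger in .github/workflows/molecule.yml has no comment saying what the cron expression means; I would add `# 00:00 UTC on the 1st of every third month` above the `- cron:` line. Scheduled runs execute against the default branch only. If this repository is public, GitHub also disables schedule triggers after 60 days without repository activity, so a quarterly job in a quiet repository can stop firing without anyone noticing; that is worth stating in the same comment.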
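Review bot: The rewritten `command` in the first hunk of molecule/default/molecule.yml installs `requests`, `pytest-testinfra` and two Galaxy collections with no version pins, so every run, including the new scheduled one, executes whatever the indexes serve at that moment. Pinning through requirements files, for example `python3 -m pip install -r <pinned-requirements.txt>` and `ansible-galaxy collection install -r <pinned-requirements.yml>` (placeholder file names), keeps runs reproducible and narrows exposure to a compromised or typosquatted release. The change also drops `python3 -m`, so a bare `pip` may resolve to a different interpreter than the one running molecule; keeping `python3 -m pip` avoids that.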
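Review bot: `ANSIBLE_CALLBACKS_ENABLED` and `ANSIBLE_STDOUT_CALLBACK` in the second hunk of molecule/default/molecule.yml name plugins from `ansible.posix`, but the dependency command in the same file installs only `community.crypto` and `community.general`. Unless the runner ships the full `ansible` package, which bundles that collection, the callbacks will not load; adding `ansible.posix` to the `ansible-galaxy collection install` line removes the dependence on the runner image. `ANSIBLE_LOAD_CALLBACK_PLUGINS` affects only the ad-hoc `ansible` command, so it probably has no effect under `ansible-playbook` and could be dropped.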
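Review bot: The added `update_password` line in tasks/create_users.yml lets a per-user `on_create` value suppress later password changes, and nothing next to it says so. With `on_create`, a password rotated in the inventory is not applied to an account that already exists, which matters when rotating credentials after a suspected compromise. I would add a comment above the line: `# on_create: set the password only when the account is first created; later changes in vars are ignored`. The task this parameter belongs to starts above the hunk, so the module and loop it belongs to are not visible here.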