diff --git a/examples/rhel-production-example/main.tf b/examples/rhel-production-example/main.tf
index e8c79b22..8fc500ed 100644
--- a/examples/rhel-production-example/main.tf
+++ b/examples/rhel-production-example/main.tf
@@ -50,5 +50,6 @@ output "tfe-cluster" {
     installer_dashboard_password = "${module.tfe-cluster.installer_dashboard_password}"
     installer_dashboard__url     = "${module.tfe-cluster.installer_dashboard_url}"
     primary_public_ip            = "${module.tfe-cluster.primary_public_ip}"
+    encryption_password          = "${module.tfe-beta.encryption_password}"
   }
 }
diff --git a/examples/root-example/main.tf b/examples/root-example/main.tf
index 7ffd088e..6fb03b9d 100644
--- a/examples/root-example/main.tf
+++ b/examples/root-example/main.tf
@@ -42,5 +42,6 @@ output "tfe-cluster" {
     installer_dashboard_password = "${module.tfe-cluster.installer_dashboard_password}"
     installer_dashboard__url     = "${module.tfe-cluster.installer_dashboard_url}"
     primary_public_ip            = "${module.tfe-cluster.primary_public_ip}"
+    encryption_password          = "${module.tfe-beta.encryption_password}"
   }
 }
diff --git a/module-instance-template.tf b/module-instance-template.tf
index 36f85159..861cbf9b 100644
--- a/module-instance-template.tf
+++ b/module-instance-template.tf
@@ -19,7 +19,7 @@ module "instance-template" {
   http_proxy_url          = "${var.http_proxy_url}"
   airgap_package_url      = "${var.airgap_package_url}"
   airgap_installer_url    = "${var.airgap_installer_url}"
-  encryption_password     = "${var.encryption_password}"
+  encryption_password     = "${local.encryption_password}"
   postgresql_user         = "${var.postgresql_user}"
   postgresql_password     = "${var.postgresql_password}"
   postgresql_address      = "${var.postgresql_address}"
diff --git a/outputs.tf b/outputs.tf
index d7cf5044..2c84c555 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -22,3 +22,8 @@ output "primary_public_ip" {
   value       = "${var.public_ip}"
   description = "The Public IP for the load balancer to use."
 }
+
+output "encryption_password" {
+  value       = "${local.encryption_password}"
+  description = "If you did not specify an encryption password, this was used."
+}
diff --git a/primary.tf b/primary.tf
index 2f3600ce..8a87febf 100644
--- a/primary.tf
+++ b/primary.tf
@@ -52,7 +52,7 @@ resource "google_compute_instance" "primary" {
     airgap-installer-url = "${var.airgap_package_url == "none" ? "none" : count.index == 0 ? var.airgap_installer_url : local.internal_airgap_url}"
     repl-data            = "${base64encode("${random_pet.console_password.id}")}"
     ptfe-hostname        = "${var.prefix}-primary-${count.index}-${random_string.postfix.result}.${data.google_dns_managed_zone.dnszone.dns_name}"
-    encpasswd            = "${var.encryption_password}"
+    encpasswd            = "${local.encryption_password}"
     release-sequence     = "${var.release_sequence}"
     pg_user              = "${var.postgresql_user}"
     pg_password          = "${var.postgresql_password}"
diff --git a/variables.tf b/variables.tf
index 8cb5477b..cf4bf59a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -2,6 +2,7 @@ locals {
   assistant_port                  = 23010
   rendered_secondary_machine_type = "${var.secondary_machine_type != "" ? var.secondary_machine_type : var.primary_machine_type }"
   internal_airgap_url             = "http://${var.prefix}-primary-0-${random_string.postfix.result}:${local.assistant_port}/setup-files/replicated.tar.gz?token=${random_string.setup_token.result}"
+  encryption_password             = "${var.encryption_password != "" ? var.encryption_password : random_string.default_enc_password.result}"
 }
 
 ###################################################
@@ -268,3 +269,9 @@ resource "random_string" "setup_token" {
   upper   = false
   special = false
 }
+
+resource "random_string" "default_enc_password" {
+  length  = 32
+  upper   = true
+  special = false
+}