diff --git a/tasks/source_vars.yml b/tasks/source_vars.yml
index fa5deb2..f1a3b56 100755
--- a/tasks/source_vars.yml
+++ b/tasks/source_vars.yml
@@ -2,7 +2,9 @@
 - name: Register variable {{ item }}
   shell: . {{ shell_script }} && echo ${{ item }}
   register: output_var
+  changed_when: false
 
 - name: Set variable {{ item }}
   set_fact:
     "{{ item }}": "{{ output_var.stdout }}"
+  changed_when: false
diff --git a/tasks/start.yml b/tasks/start.yml
index a2585ad..684d7fd 100755
--- a/tasks/start.yml
+++ b/tasks/start.yml
@@ -1,24 +1,11 @@
 ---
-- name: Assert extra-vars are set
-  ansible.builtin.assert:
-    that:
-      - item | length > 0
-    msg: "{{ item }} environment variable must be set"
-  with_items:
-    - KEY
-    - DOC_KEY
-    - DUPLICITY_PASSPHRASE
-    - SCRIPT
-
-- name: Assert SECRETS_ARCHIVE_PASSPHRASE environment variable is set
-  ansible.builtin.assert:
-    that:
-      - lookup('env','SECRETS_ARCHIVE_PASSPHRASE') | length > 0
-    msg: "SECRETS_ARCHIVE_PASSPHRASE environment variable must be set"
+- name: Assert environment variable is not empty
+  ansible.builtin.include_tasks: "tasks/assert_env_var_not_empty.yml"
+  with_items: "{{ PLAYBOOK_REQUIRED_ENV_VARS }}"
 
 - name: Download secrets.tar.gz.enc
   ansible.builtin.get_url:
-    url: "https://{{ CLOUD_SERVER }}/s/{{ KEY }}/download?path=%2F&files=secrets.tar.gz.enc"
+    url: "https://{{ CLOUD_SERVER }}/s/{{ lookup('env','KEY') }}/download?path=%2F&files=secrets.tar.gz.enc"
     dest: /root/secrets.tar.gz.enc
 
 - name: Install openssh-client
@@ -267,10 +254,10 @@
       OS_USERNAME: "{{ OS_USERNAME }}"
       OS_PASSWORD: "{{ OS_PASSWORD }}"
       OS_REGION_NAME: "{{ OS_SWIFT_REGION_NAME }}"
-      KEY: "{{ KEY }}"
-      DOC_KEY: "{{ DOC_KEY }}"
+      KEY: "{{ lookup('env','KEY') }}"
+      DOC_KEY: "{{ lookup('env','DOC_KEY') }}"
       SECRETS_ARCHIVE_PASSPHRASE: "{{ lookup('env','SECRETS_ARCHIVE_PASSPHRASE') }}"
-      DUPLICITY_PASSPHRASE: "{{ DUPLICITY_PASSPHRASE }}"
+      DUPLICITY_PASSPHRASE: "{{ lookup('env','DUPLICITY_PASSPHRASE') }}"
   remote_user: "{{ user }}"
   delegate_to: 172.17.0.1
   become: true
diff --git a/vars/main.yml b/vars/main.yml
index 18b3b01..3952bb2 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,13 +1,10 @@
 user: centos
 CLOUD_SERVER: cloud.scimetis.net
 GIT_SERVER: git.scimetis.net
-KEY: "{{ lookup('env','KEY') }}"
-DOC_KEY: "{{ lookup('env','DOC_KEY') }}"
-DUPLICITY_PASSPHRASE: "{{ lookup('env','DUPLICITY_PASSPHRASE') }}"
-SCRIPT: "{{ lookup('env','SCRIPT') }}"
 OS_SWIFT_REGION_NAME: GRA
 WORKDIR: /mnt/volumes/tmp_duplicity_workdir/data
 ARCHIVE_DIR: /mnt/volumes/duplicity_cache/data
+
 BOOTSTRAP_REPOS:
   - docker-nextcloud-stack
   - docker-reverse-proxy-stack
@@ -16,6 +13,7 @@ BOOTSTRAP_REPOS:
   - docker-mysql-stack
   - docker-mysql
   - systemd-mount-cinder-volume
+
 BOOTSTRAP_REQUIRED_ENV_VARS:
   - OS_AUTH_URL
   - OS_IDENTITY_API_VERSION
@@ -27,6 +25,13 @@ BOOTSTRAP_REQUIRED_ENV_VARS:
   - DUPLICITY_PASSPHRASE
   - KEY
   - DOC_KEY
+
+PLAYBOOK_REQUIRED_ENV_VARS:
+  - KEY
+  - DOC_KEY
+  - SECRETS_ARCHIVE_PASSPHRASE
+  - DUPLICITY_PASSPHRASE
+
 DUPLICITY_ENVIRONMENT:
   SWIFT_AUTHURL: "{{ lookup('env','OS_AUTH_URL') }}"
   SWIFT_AUTHVERSION: "{{ lookup('env','OS_IDENTITY_API_VERSION') }}"