diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3f991fbaf58345b418602ea844ce571395358a3d
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+iptables: []
+nfs_mounts: {}
+users: []
+groups: []
+callas_sdk_version: ""
diff --git a/tasks/compile_callas_binaries.yml b/tasks/compile_callas_binaries.yml
index ec9a2894e311be38ac2523d6ca82684d1737c195..19741fa825a7d0011d42d4ec7d9db36130faf79c 100644
--- a/tasks/compile_callas_binaries.yml
+++ b/tasks/compile_callas_binaries.yml
@@ -44,7 +44,7 @@
 - name: set symlinks for Callas PDF Engine
   ansible.builtin.file:
     state: link
-    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/{{ item }}"
+    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/{{ item }}"
     path: "/opt/pdfa_webservice/{{ item }}"
   loop:
     - "etc"
diff --git a/tasks/configure_crontab.yml b/tasks/configure_crontab.yml
index e96eb71642cc35c98e27bc43fc8ec7995b781d30..2cbbed84db08deaf15bf03a7ea46bc5ac37ad229 100644
--- a/tasks/configure_crontab.yml
+++ b/tasks/configure_crontab.yml
@@ -2,11 +2,11 @@
 ### CRONTAB EINRICHTEN ###
 - name: DEBUG
   ansible.builtin.debug:
-    var: vault_users
+    var: users
 - name: Cronjob zum Löschen alter tmpfiles aus /tmp erstellen
   ansible.builtin.cron:
     name: "delete old tmpfiles from /tmp"
     hour: "0"
     minute: "0"
-    user: "{{ vault_users.0.name }}"
+    user: "{{ users.0.name }}"
     job: 'find /tmp/ -maxdepth 1 -name "tmpfile*" -mtime +1 -exec rm \{\} \; >/dev/null 2>&1'
diff --git a/tasks/configure_iptables.yml b/tasks/configure_iptables.yml
index 57a6333d4e8e82fb7e13a3b9c7eed7f7247fbd11..32d13f9ad0f0f1c9a8f5a5882e50c97bf985b506 100644
--- a/tasks/configure_iptables.yml
+++ b/tasks/configure_iptables.yml
@@ -15,6 +15,6 @@
     source_port: "{{ item.src_port | default(omit) }}"
     state: "{{ item.state | default('present') }}"
     table: "filter"
-  loop: "{{ vault_iptables | flatten(levels=1) }}"
+  loop: "{{ iptables | flatten(levels=1) }}"
   notify:
     - save iptables rules
diff --git a/tasks/configure_nfs_mounts.yml b/tasks/configure_nfs_mounts.yml
index e307af2c73254ec5680feb37e7a56c78fedc0fbe..a3c217fb03d34bfdf6db6b16d84addedb3858538 100644
--- a/tasks/configure_nfs_mounts.yml
+++ b/tasks/configure_nfs_mounts.yml
@@ -1,14 +1,14 @@
 ---
 - name: Mountpoint fuer Logging anlegen
   ansible.builtin.file:
-    path: "{{ vault_nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
+    path: "{{ nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
     state: directory
     mode: "0400"
 
 - name: NFS-Shares fuer Logging mounten
   ansible.posix.mount:
-    name: "{{ vault_nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
-    src: "{{ vault_nfs_mounts.log.share }}/{{ ansible_hostname }}"
+    name: "{{ nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
+    src: "{{ nfs_mounts.log.share }}/{{ ansible_hostname }}"
     state: mounted
     fstype: "nfs"
     opts: "defaults,nodev,nosuid,rsize=65536,wsize=65536,vers=3"
diff --git a/tasks/create_users_groups.yml b/tasks/create_users_groups.yml
index bdb7abff13f7de99882ed1877128a627cd4ad3d2..3810e8e95d62953f5adee5850c728bdcbad0f25d 100644
--- a/tasks/create_users_groups.yml
+++ b/tasks/create_users_groups.yml
@@ -4,11 +4,11 @@
     name: "{{ item.name }}"
     gid: "{{ item.gid | default(omit) }}"
     state: "item.state | default('present') }}"
-  loop: "{{ vault_groups | flatten(levels=1) }}"
+  loop: "{{ groups | flatten(levels=1) }}"
 
 - name: User in Gruppen einfügen und primäre Gruppe setzen
   ansible.builtin.user:
     name: "{{ item.name }}"
     group: "{{ item.group }}"
     groups: "{{ item.groups }}"
-  loop: "{{ vault_users | flatten(levels=1) }}"
+  loop: "{{ users | flatten(levels=1) }}"
diff --git a/tasks/install_callas_pdf_engine.yml b/tasks/install_callas_pdf_engine.yml
index 8b569613497fb52c6b23ab1b5edec94600414632..c51c211be696a5d381f4343d11a8719b7b46619a 100644
--- a/tasks/install_callas_pdf_engine.yml
+++ b/tasks/install_callas_pdf_engine.yml
@@ -26,7 +26,7 @@
 - name: copy callas PDFEngine
   ansible.builtin.get_url:
     url: "http://www.callassoftware.com/extranet/callas_pdfEngineSDK/callas_pdfEngineSDK_x64_Linux.tar.gz"
-    dest: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}.tar.gz"
+    dest: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}.tar.gz"
     mode: "0644"
   changed_when: false    # This will always change, because we're installing a
                          # fresh version of Callas into a cleaned directory
@@ -36,14 +36,14 @@
 # (https://github.com/ansible/ansible/issues/28569)
 - name: unpack callas PDFEngine
   ansible.builtin.unarchive:
-    src: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}.tar.gz"
+    src: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}.tar.gz"
     dest: "/usr/local/lib/callas_pdfEngine_SDK_x64"
     remote_src: true
   changed_when: false    # This will always change.
 
 - name: ... and remove source (as there's no actual move module in Ansible).
   ansible.builtin.file:
-    path: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}.tar.gz"
+    path: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}.tar.gz"
     state: absent
   changed_when: false    # This will always change. We just downloaded a fresh
                          # archive that now needs to be cleaned up.
@@ -58,7 +58,7 @@
 
 - name: symlink callas PDFEngine from '/usr/local/lib/callas_pdfEngine_SDK_x64/*' to '/usr/lib/cgi-bin/*'
   ansible.builtin.file:
-    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/{{ item }}"
+    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/{{ item }}"
     dest: "/usr/lib/cgi-bin/{{ item }}"
     state: link
   loop:
@@ -92,8 +92,8 @@
 #     state: link
 #   loop:
 #     - src: "/usr/lib/gcc/x86_64-linux-gnu/10/libstdc++.so"
-#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/lib/libstdc++.so"
+#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/lib/libstdc++.so"
 #     - src: "/usr/lib/x86_64-linux-gnu/libstdc++.so.6"
-#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/lib/libstdc++.so.6"
+#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/lib/libstdc++.so.6"
 #   notify: run ldconfig to configure dynamic linker run-time bindings
 #   tags: [molecule-notest]
diff --git a/vars/main.yml b/vars/main.yml
index ed97d539c095cf1413af30cc23dea272095b97dd..285fb9200a584ba40b653981725ab8ac63ddde58 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1 +1,6 @@
 ---
+iptables: "{{ vault_iptables }}"
+nfs_mounts: "{{ vault_nfs_mounts }}"
+users: "{{ vault_users }}"
+groups: "{{ vault_groups }}"
+callas_sdk_version: "{{ vault_callas_sdk_version }}"
diff --git a/vars/validator.vault.example b/vars/validator.vault.example
deleted file mode 100644
index 1c3d3b6740fe41dfcd9cd2a12c18b1045d784701..0000000000000000000000000000000000000000
--- a/vars/validator.vault.example
+++ /dev/null
@@ -1,21 +0,0 @@
----
-vault_iptables:
-  - comment: "WHAT IS THIS RULE FOR?
-    dest_port: DESTINATION_PORT_NUMBER
-    state: present
-
-vault_nfs_mounts:
-  log:
-    mountpoint: "/var/log/LOGDIR/"
-    share: "123.234.321.210:/PATH/TO/NFS/SHARE/"
-
-vault_users:
-  - name: "USERNAME"
-    group: "PRIMARY_GROUP_NAME"
-    groups: "CSV-LIST, OF, SECONDARY, GROUPS"
-
-vault_groups:
-  - name: "GROUPNAME"
-    gid: "1337"
-
-vault_callas_sdk_version: "VERSION_STRING_LIKE_12-3-456"