diff --git a/group_vars/mons.yml.sample b/group_vars/mons.yml.sample
index b6d49a405..8ae0df447 100644
--- a/group_vars/mons.yml.sample
+++ b/group_vars/mons.yml.sample
@@ -31,6 +31,11 @@ dummy:
 #  - nodelete
 #  - nosizechange
 
+#client_admin_ceph_authtool_cap:
+#  mon: allow *
+#  osd: allow *
+#  mds: allow *
+#  mgr: allow *
 
 ###############
 # CRUSH RULES #
diff --git a/roles/ceph-mon/defaults/main.yml b/roles/ceph-mon/defaults/main.yml
index 29dcafaff..0035fe583 100644
--- a/roles/ceph-mon/defaults/main.yml
+++ b/roles/ceph-mon/defaults/main.yml
@@ -23,6 +23,11 @@ secure_cluster_flags:
   - nodelete
   - nosizechange
 
+client_admin_ceph_authtool_cap:
+  mon: allow *
+  osd: allow *
+  mds: allow *
+  mgr: allow *
 
 ###############
 # CRUSH RULES #
diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml
index 11facb3de..e97670f1c 100644
--- a/roles/ceph-mon/tasks/deploy_monitors.yml
+++ b/roles/ceph-mon/tasks/deploy_monitors.yml
@@ -48,17 +48,6 @@
     mode: "0755"
     recurse: true
 
-- name: set_fact client_admin_ceph_authtool_cap
-  set_fact:
-    client_admin_ceph_authtool_cap:
-      mon: allow *
-      osd: allow *
-      mds: allow *
-      mgr: allow *
-  when:
-    - cephx
-    - admin_secret != 'admin_secret'
-
 - name: create custom admin keyring
   ceph_key:
     name: client.admin