diff --git a/group_vars/all b/group_vars/all index 058e1e137..aaefe5052 100644 --- a/group_vars/all +++ b/group_vars/all @@ -105,7 +105,7 @@ dummy: ## Monitor options # #monitor_interface: interface -#monitor_secret: +#monitor_secret: "{{ ceph_mon_key.stdout }}" #mon_osd_down_out_interval: 600 #mon_osd_min_down_reporters: 7 # number of OSDs per host + 1 #mon_clock_drift_allowed: .15 diff --git a/group_vars/mons b/group_vars/mons index 86f71f590..189242df7 100644 --- a/group_vars/mons +++ b/group_vars/mons @@ -11,7 +11,7 @@ dummy: # ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT #fsid: "{{ cluster_uuid.stdout }}" -#monitor_secret: +#monitor_secret: "{{ ceph_mon_key.stdout }}" #cephx: true # CephFS diff --git a/roles/ceph-common/tasks/check_mandatory_vars.yml b/roles/ceph-common/tasks/check_mandatory_vars.yml index 472796abe..100e8c2c8 100644 --- a/roles/ceph-common/tasks/check_mandatory_vars.yml +++ b/roles/ceph-common/tasks/check_mandatory_vars.yml @@ -14,10 +14,6 @@ not ceph_stable_rh_storage_cdn_install and not ceph_stable_rh_storage_iso_install -- name: make sure a monitor secret is defined - fail: msg"monitor_secret must be defined. Go edit group_vars/all or read https://github.com/ceph/ceph-ansible/wiki" - when: monitor_secret is not defined - - name: make sure journal_size configured fail: msg="journal_size must be configured. See http://ceph.com/docs/master/rados/configuration/osd-config-ref/" when: journal_size|int == 0 diff --git a/roles/ceph-mon/defaults/main.yml b/roles/ceph-mon/defaults/main.yml index 57e45f187..8d3279b98 100644 --- a/roles/ceph-mon/defaults/main.yml +++ b/roles/ceph-mon/defaults/main.yml @@ -9,7 +9,7 @@ rgw_group_name: rgws # ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT fsid: "{{ cluster_uuid.stdout }}" -#monitor_secret: +monitor_secret: "{{ ceph_mon_key.stdout }}" cephx: true # CephFS 
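Review bot: In roles/ceph-mon/defaults/main.yml the comment `# ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT` still sits above a `monitor_secret` that is now always active, and nothing says that the default depends on the `ceph_mon_key` result registered in deploy_monitors.yml. The check_mandatory_vars.yml hunk in this commit removes the `monitor_secret is not defined` guard, so an empty or badly overridden value is no longer rejected before it reaches `ceph-authtool`. I would replace the comment with something like `# monitor_secret is generated on the Ansible host and cached in fetch/ceph_mon_key.conf; override only with a valid cephx key`. I would also keep a `fail` task in the mon role that stops the play when the rendered value is empty.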
diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml index 0daa3ec01..8aaac6619 100644 --- a/roles/ceph-mon/tasks/deploy_monitors.yml +++ b/roles/ceph-mon/tasks/deploy_monitors.yml @@ -1,7 +1,22 @@ --- +- name: generate monitor initial keyring + local_action: > + shell python -c "import os ; import struct ; import time; import base64 ; key = os.urandom(16) ; header = struct.pack(' fetch/ceph_mon_key.con" + creates=fetch/ceph_mon_key.conf + register: ceph_mon_key + sudo: false + +- name: read monitor initial keyring if it already exists + local_action: > + command cat fetch/ceph_mon_key.conf + removes=fetch/ceph_mon_key.conf + changed_when: false + register: ceph_mon_key + sudo: false + - name: create monitor initial keyring command: > - ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret | mandatory }} --cap mon 'allow *' + ceph-authtool /var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} --create-keyring --name=mon. --add-key={{ monitor_secret }} --cap mon 'allow *' creates=/var/lib/ceph/tmp/keyring.mon.{{ ansible_hostname }} - name: set initial monitor key permissions
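Review bot: The two added tasks and the changed `ceph-authtool` task in this hunk handle the cluster's monitor key with no protection against disclosure. The key is written to `fetch/ceph_mon_key.conf` on the Ansible host under the default umask, captured twice by `register: ceph_mon_key`, and passed on the command line as `--add-key={{ monitor_secret }}`, so it shows up in verbose task output and in any callback or log that records results. I would add `no_log: true` to all three tasks and create the file with restrictive permissions, for example by starting the shell command with `umask 077;`. The shell line is truncated in this view (`struct.pack(' fetch/ceph_mon_key.con"`), but as shown the output path ends in `.con` while `creates=` and the `cat` task use `.conf`; if the file really reads that way, the key would likely be regenerated on every run and the read task skipped, so please check it. Dropping `| mandatory` here, together with the check removed from check_mandatory_vars.yml, also means an empty `ceph_mon_key.stdout` is no longer caught before `ceph-authtool` runs.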