diff --git a/tripleoclient/tests/v1/tripleo/test_tripleo_deploy.py b/tripleoclient/tests/v1/tripleo/test_tripleo_deploy.py
index 52ae75f59..6011157af 100644
--- a/tripleoclient/tests/v1/tripleo/test_tripleo_deploy.py
+++ b/tripleoclient/tests/v1/tripleo/test_tripleo_deploy.py
@@ -297,11 +297,13 @@ class TestDeployUndercloud(TestPluginV1):
                        'undercloud_rpc_password = pick-me-rpc\n'
                        'undercloud_legacy_pass = pick-me-legacy-instack\n')
 
-        self.cmd._update_passwords_env(self.temp_homedir,
-                                       'stack', upgrade=True,
-                                       passwords={'ADefault': 456,
-                                                  'ExistingKey':
-                                                  'dontupdate'})
+        with mock.patch('tripleoclient.constants.CLOUD_HOME_DIR',
+                        self.temp_homedir):
+            self.cmd._update_passwords_env(self.temp_homedir,
+                                           'stack', upgrade=True,
+                                           passwords={'ADefault': 456,
+                                                      'ExistingKey':
+                                                      'dontupdate'})
         expected_dict = {
             'parameter_defaults': {'GeneratedPassword': 123,
                                    'ExistingKey': 'xyz',
diff --git a/tripleoclient/v1/tripleo_deploy.py b/tripleoclient/v1/tripleo_deploy.py
index 4c3f9249e..69bc04e80 100644
--- a/tripleoclient/v1/tripleo_deploy.py
+++ b/tripleoclient/v1/tripleo_deploy.py
@@ -19,7 +19,6 @@ import logging
 import netaddr
 import os
 import pwd
-import re
 import shutil
 import six
 import subprocess
@@ -279,7 +278,7 @@ class Deploy(command.Command):
                               passwords=None, stack_name='undercloud'):
         pw_file = os.path.join(output_dir,
                                'tripleo-' + stack_name + '-passwords.yaml')
-        undercloud_pw_file = os.path.join(output_dir,
+        undercloud_pw_file = os.path.join(constants.CLOUD_HOME_DIR,
                                           stack_name + '-passwords.conf')
 
         # Generated passwords take the lowest precedence, allowing
@@ -329,6 +328,7 @@ class Deploy(command.Command):
                     else:
                         k = ''.join(i.capitalize() for i in k.split('_')[1:])
                     legacy_env[k] = v
+                os.remove(undercloud_pw_file)
 
             # Get the keystone keys before upgrade
             keystone_fernet_repo = '/etc/keystone/fernet-keys/'
@@ -374,22 +374,6 @@ class Deploy(command.Command):
         # TODO(cjeanner) drop that once using oslo.privsep
         # Do not forget to re-add os.chmod 0o600 on that one!
         self._set_data_rights(pw_file, user=user)
-        # Write out an instack undercloud compatible version.
-        # This contains sensitive data so ensure it's not world-readable
-        with open(undercloud_pw_file, 'w') as pf:
-            pf.write('[auth]\n')
-            for p, v in stack_env['parameter_defaults'].items():
-                if 'Password' in p or 'Token' in p or p.endswith('Kek'):
-                    # Convert camelcase from heat templates into the underscore
-                    # format used by instack undercloud.
-                    s1 = re.sub('(.)([A-Z][a-z]+)', r'\1_\2', p)
-                    pw_key = re.sub('([a-z0-9])([A-Z])',
-                                    r'\1_\2', s1).lower()
-                    pf.write('undercloud_%s: %s\n' % (pw_key, v))
-
-        # TODO(cjeanner) drop that once using oslo.privsep
-        # Do not forget to re-add os.chmod 0o600 on that one!
-        self._set_data_rights(undercloud_pw_file, user=user)
 
         return pw_file
 
diff --git a/tripleoclient/v1/undercloud.py b/tripleoclient/v1/undercloud.py
index 5fe20fb43..20cea996c 100644
--- a/tripleoclient/v1/undercloud.py
+++ b/tripleoclient/v1/undercloud.py
@@ -160,7 +160,7 @@ class InstallUndercloud(command.Command):
                 self.log.warning(UNDERCLOUD_COMPLETION_MESSAGE.format(
                     os.path.join(
                         constants.UNDERCLOUD_OUTPUT_DIR,
-                        'undercloud-passwords.conf'
+                        'tripleo-undercloud-passwords.yaml'
                     ),
                     '~/stackrc'
                     ))
@@ -221,7 +221,7 @@ class UpgradeUndercloud(InstallUndercloud):
                 UNDERCLOUD_UPGRADE_COMPLETION_MESSAGE.format(
                     os.path.join(
                         constants.UNDERCLOUD_OUTPUT_DIR,
-                        'undercloud-passwords.conf'
+                        'tripleo-undercloud-passwords.yaml'
                     ),
                     '~/stackrc'))
         except Exception as e:
diff --git a/tripleoclient/v1/undercloud_preflight.py b/tripleoclient/v1/undercloud_preflight.py
index baa3de7f7..d22104b16 100644
--- a/tripleoclient/v1/undercloud_preflight.py
+++ b/tripleoclient/v1/undercloud_preflight.py
@@ -334,7 +334,8 @@ def _validate_passwords_file():
     else:
         output_dir = CONF['output_dir']
 
-    passwd_path = os.path.join(output_dir, 'undercloud-passwords.conf')
+    passwd_path = os.path.join(output_dir,
+                               'tripleo-undercloud-passwords.yaml')
     if (os.path.isfile(os.path.join(constants.CLOUD_HOME_DIR, 'stackrc')) and
             not os.path.isfile(passwd_path)):
         message = (_('The %s file is missing.  This will cause all service '