diff --git a/tripleo_ansible/playbooks/rotate-passwords.yaml b/tripleo_ansible/playbooks/rotate-passwords.yaml
index dca917a4f..8de08f338 100644
--- a/tripleo_ansible/playbooks/rotate-passwords.yaml
+++ b/tripleo_ansible/playbooks/rotate-passwords.yaml
@@ -21,15 +21,35 @@
   gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}"
   any_errors_fatal: true
   vars:
-    container: overcloud
+    stack: overcloud
     password_list: []
     hide_sensitive_logs: true
   tasks:
-    - name: Rotate passwords in plan
+    - name: Set passwords_environment_path
+      set_fact:
+        passwords_environment_path: "{{ lookup('env', 'HOME')~'/rotated_passwords.yaml'}}"
+      when: passwords_environment_path is not defined
+
+    - name: Rotate passwords
       tripleo_passwords_rotate:
         container: "{{ container }}"
         password_list: "{{ password_list }}"
       no_log: "{{ hide_sensitive_logs | bool }}"
+      register: rotated_passwords_result
 
+    - name: Write password file
+      no_log: "{{ hide_sensitive_logs | bool }}"
+      block:
+        - name: Create password parameter fact
+          set_fact:
+            passwords_params_env: "{{ {'parameter_defaults': (rotated_passwords_result['passwords'] | default({}))} }}"
+
+        - name: Write password environment file
+          copy:
+            dest: "{{ passwords_environment_path }}"
+            content: "{{ passwords_params_env | to_nice_yaml(indent=2) }}"
+      when:
+        - passwords_environment_path is defined
+        - rotated_passwords_result is defined
   tags:
     - rotate-passwords