diff --git a/defaults/main.yml b/defaults/main.yml
index 16b851e..5f2cddb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -50,8 +50,11 @@ es_security_api: "{{ '_security' if es_version is version_compare('7.0.0', '>=')
 es_enable_http_ssl: false
 es_enable_transport_ssl: false
 es_ssl_keystore: ""
+es_ssl_keystore_password: ""
 es_ssl_truststore: ""
+es_ssl_truststore_password: ""
 es_ssl_key: ""
+es_ssl_key_password: ""
 es_ssl_certificate: ""
 es_ssl_certificate_authority: ""
 es_ssl_certificate_path: "/etc/elasticsearch/certs"
diff --git a/tasks/elasticsearch-ssl.yml b/tasks/elasticsearch-ssl.yml
index 7aba66b..a78a1ab 100644
--- a/tasks/elasticsearch-ssl.yml
+++ b/tasks/elasticsearch-ssl.yml
@@ -35,3 +35,51 @@
 #Restart if this changes
 notify: restart elasticsearch
 when: es_ssl_certificate_authority | bool
+
+- name: Set transport keystore password
+ shell: echo "{{es_ssl_keystore_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.keystore.secure_password'
+ no_log: True
+ when: es_ssl_keystore_password and copy_keystores.changed
+ with_items:
+ - http
+ - transport
+
+- name: Set transport truststore password
+ shell: echo "{{es_ssl_truststore_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.truststore.secure_password'
+ no_log: True
+ when: es_ssl_truststore_password and copy_keystores.changed
+ with_items:
+ - http
+ - transport
+
+- name: Set transport key password
+ shell: echo "{{es_ssl_key_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.secure_key_passphrase'
+ no_log: True
+ when: es_ssl_key_password and copy_certificates.changed
+ with_items:
+ - http
+ - transport
+
+- name: Remove transport keystore password
+ shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.keystore.secure_password'"
+ no_log: True
+ when: es_ssl_keystore_password == "" and copy_keystores.changed
+ with_items:
+ - http
+ - transport
+
+- name: Remove transport truststore password
+ shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.truststore.secure_password'"
+ no_log: True
+ when: es_ssl_truststore_password == "" and copy_keystores.changed
+ with_items:
+ - http
+ - transport
+
+- name: Remove transport key password
+ shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.secure_key_passphrase'"
+ no_log: True
+ when: es_ssl_key_password == "" and copy_certificates.changed
+ with_items:
+ - http
+ - transport
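Review bot: The three "Set … password" tasks interpolate the secret straight into a `shell:` string (`echo "{{es_ssl_keystore_password}}" | …`), so a password containing `"`, `$`, a backtick or a backslash is re-interpreted by the shell (at best the wrong value is stored, at worst part of it runs as a command), and the full line including the password becomes the argument of the spawned `sh -c` process, where other local users may be able to read it from the process list; `no_log` only hides it from Ansible's own output. Feeding the value through the module's `stdin` parameter avoids both problems: `command: "{{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.keystore.secure_password'"` with `args:` / `stdin: "{{ es_ssl_keystore_password }}"`, and the same for the truststore and key tasks. Separately, because every task is gated on `copy_keystores.changed` or `copy_certificates.changed`, changing only a password does not appear to update the Elasticsearch keystore, and none of the new tasks carries `notify: restart elasticsearch` like the task above them; worth confirming that both are intended.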