diff --git a/roles/users/defaults/main.yaml b/roles/users/defaults/main.yaml
new file mode 100644
index 0000000..d466b07
--- /dev/null
+++ b/roles/users/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+user_default_shell: /bin/bash
diff --git a/roles/users/tasks/main.yaml b/roles/users/tasks/main.yaml
index 1b883a4..531b29b 100644
--- a/roles/users/tasks/main.yaml
+++ b/roles/users/tasks/main.yaml
@@ -18,11 +18,12 @@
     groups: "{{ item.groups | default(omit) }}"
     home: "{{ item.home | default(omit) }}"
     password: "{{ item.password | default(omit) }}"
-    shell: "{{ item.shell | default(omit) }}"
+    shell: "{{ item.shell | default(user_default_shell) }}"
     state: "{{ item.state | default('present') }}"
     system: false
   with_items: "{{ users_interactive }}"
   when: users_interactive is defined
+  no_log: yes
 
 - name: ensure system groups
   group:
@@ -48,6 +49,7 @@
     system: true
   with_items: "{{ users_system }}"
   when: users_system is defined
+  no_log: yes
 
 - name: ensure authorized keys
   authorized_key: