diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..fbbcf82
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,7 @@
+[defaults]
+# Do not prompt or fail on unknown host keys (Semaphore runner has no ~/.ssh/known_hosts)
+host_key_checking = False
+
+# Disable become by default — playbooks/tasks set become: true explicitly where needed.
+# This overrides any system-wide become=True in /etc/ansible/ansible.cfg on the runner.
+become = False
diff --git a/inventory/hosts.yml b/inventory/hosts.yml
index d2e135c..64e2572 100644
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@@ -1,6 +1,5 @@
 # Targeted inventory — first Docker discovery run
-# 6 hosts manually selected for initial credential testing
-# Replace CHANGEME with real credentials, then push to Gitea
+# 5 hosts manually selected for initial credential testing
 
 all:
   hosts:
@@ -11,24 +10,28 @@ all:
       ansible_user: sam
       ansible_ssh_pass: Lewiss4224@@@
       ansible_become: true
+      ansible_become_pass: Lewiss4224@@@
 
     ubuntu-server-02:
       ansible_host: 10.40.40.3
       ansible_user: sam
       ansible_ssh_pass: Lewiss4224@@@
       ansible_become: true
+      ansible_become_pass: Lewiss4224@@@
 
     sp-ie-containerlab:
       ansible_host: 10.40.40.156
       ansible_user: user
       ansible_ssh_pass: user
       ansible_become: true
-    
+      ansible_become_pass: user
+
     vRouter-Host:
       ansible_host: 10.40.40.184
       ansible_user: user
       ansible_ssh_pass: user
       ansible_become: true
+      ansible_become_pass: user
 
     # ── 192.168.1.0/24 ─────────────────────────────────────────────────────
     wazuh-graylog-server:
@@ -36,6 +39,7 @@ all:
       ansible_user: user
       ansible_ssh_pass: user
       ansible_become: true
+      ansible_become_pass: user
 
   children:
     subnet_vlan40_10_40_40:
@@ -43,9 +47,8 @@ all:
         ubuntu-server-01: {}
         ubuntu-server-02: {}
         sp-ie-containerlab: {}
+        vRouter-Host: {}
 
     subnet_vlan1_192_168_1:
       hosts:
         wazuh-graylog-server: {}
-        truenas-scale: {}
-        vyos: {}
diff --git a/playbooks/find_docker_enroll_portainer.yml b/playbooks/find_docker_enroll_portainer.yml
index 1423c43..6415607 100644
--- a/playbooks/find_docker_enroll_portainer.yml
+++ b/playbooks/find_docker_enroll_portainer.yml
@@ -27,6 +27,7 @@
       ansible.builtin.wait_for_connection:
         timeout: 10
       register: ssh_check
+      become: false
       ignore_errors: true
 
     - name: Gather minimal facts for reachable hosts