diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index debe429..0ba7fbc 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -6,5 +6,9 @@
 # out during our test run and that is absolutely no bueno
 sshd_permit_root_login: true
 sshd_port: 22
+ members: files/members.yml
+ pre_tasks:
+ - name: Include resource variables
+ include_vars: "{{ members }}"
 roles:
 - role: autonomic.sshd
diff --git a/molecule/default/files/members.yml b/molecule/default/files/members.yml
new file mode 100644
index 0000000..9f1aa65
--- /dev/null
+++ b/molecule/default/files/members.yml
@@ -0,0 +1,6 @@
+---
+members:
+ - username: foobar
+ email: barfoo
+ ssh_key: "ssh-rsa foo bar@nowhere.com"
+ uid: 1100
diff --git a/tasks/main.yml b/tasks/main.yml
index bf45eb8..e98f00a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,4 +1,11 @@
 ---
+- name: Ensure mandatory variables are configured
+ assert:
+ that: "{{ item }} is defined"
+ fail_msg: "You must define the '{{ item }}' variable"
+ with_items:
+ - members
+
 - name: Disable root SSH login
 lineinfile:
 line: PermitRootLogin no
@@ -14,12 +21,15 @@
 regexp: "^#?PasswordAuthentication"
 notify: Restart SSH
-- name: Include the resource variables
- include_vars: "{{ role_path }}/../../resources/{{ lookup('env', 'MEMBERS_FILE') | default('members.yml', True) }}"
+- name: Include resource variables
+ include_vars: "{{ members }}"
+ tags:
+ # Note(d1): we already load in converge.yml so skip here
+ - molecule-notest
-- name: Register the list of autonomic members
+- name: Register the list of members
 set_fact:
- members_list: "{{ autonomic_members | map(attribute='username') | list | join(' ') }}"
+ members_list: "{{ members | map(attribute='username') | list | join(' ') }}"
 - name: "Only allow logins from {{ members_list }}"
 lineinfile:
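Review bot: `members` carries two different meanings in this play: the added var holds the path `files/members.yml`, and the file that `include_vars: "{{ members }}"` loads defines a top-level `members:` list, so the name only ends up as a list because include_vars outranks play vars. The `tasks/main.yml` hunk at -14,12 has the same pattern (`include_vars: "{{ members }}"` followed by `members | map(attribute='username')`); there, a caller who supplies the path with `-e` keeps the string, since extra vars always win, and a second run of the role in the same play would hand the list to include_vars. A separate name for the path avoids this, for example `members_file: files/members.yml` with `include_vars: "{{ members_file }}"`. The play starts outside the hunk, so the placement of the new var under `vars:` is inferred.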
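Review bot: The added assert only checks that `members` is defined, so an empty string or a value of the wrong type passes here and the failure surfaces later in include_vars or the `map` filter with a less useful message. The `that:` expression also embeds `{{ item }}`, which Ansible discourages inside conditionals. With a single entry in the loop, `that: members is defined and members | length > 0` covers the same case without templating or `with_items`.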
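Review bot: Nothing checks the loaded data between `include_vars: "{{ members }}"` and the `set_fact` that builds `members_list` from `members | map(attribute='username')`. The removed line pinned the path under `{{ role_path }}/../../resources/`; the new one accepts any path, and because include_vars is used without `name:` the file can set any variable, not only the member list. `members_list` then feeds the "Only allow logins from" lineinfile task, whose body is outside the hunk and is presumably an sshd allow-list line, so an empty list or a username containing whitespace or pattern characters would change who is allowed to log in. A validation task between the include and the set_fact would catch that. The username pattern in the sketch below is a constructed sample and should follow the project's own naming rules.

```yaml
# … unchanged: "Include resource variables" task …

- name: Validate the loaded member list
  assert:
    that:
      - members is iterable
      - members is not string
      - members is not mapping
      - members | length > 0
      - >-
        members | map(attribute='username')
        | reject('match', '^[a-z_][a-z0-9_-]*$') | list | length == 0
    fail_msg: "members must be a non-empty list of entries with a plain username"

# … unchanged: "Register the list of members" task …
```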