diff --git a/functions b/functions index 7bfa259..4696483 100755 --- a/functions +++ b/functions @@ -111,16 +111,28 @@ dokku-ansible-deploy-pre-deploy() { dokku-ansible-deploy-validate-dependencies declare APP="$1" - declare APP_CONFIG_PATH="$DOKKU_LIB_ROOT/data/deploy.d/$APP" - declare PLUGIN_PATH="$PLUGIN_CORE_AVAILABLE_PATH/ansible-deploy" - declare PREDEPLOY="$PLUGIN_CORE_AVAILABLE_PATH/ansible-deploy/scripts/predeploy.py" + declare APP_DIR="$DOKKU_LIB_ROOT/data/deploy.d/$APP" + declare VAULT_FILE="$APP_DIR/.vault-password.sh" + declare PRE_DEPLOY="$PLUGIN_CORE_AVAILABLE_PATH/ansible-deploy/plays/pre_deploy.yml" dokku_col_log_info1_quiet "Running pre-deploy steps" - /usr/bin/python3 "$PREDEPLOY" - --app "$APP" \ - --app-config-path "$APP_CONFIG_PATH" \ - --plugin-path "$PLUGIN_PATH" + # shellcheck disable=SC2155 + local CMD_ARGS="--inventory $(hostname), --connection local" + + if [[ -f $VAULT_FILE ]]; then + dokku_col_log_info1_quiet "$APP vault password file $VAULT_FILE discovered" + CMD_ARGS="${CMD_ARGS} --vault-password-file $VAULT_FILE" + fi + + dokku_col_log_info1_quiet "Running $PRE_DEPLOY" + + ansible-playbook \ + --extra-vars "app=$APP" \ + --extra-vars "dokku_lib_root=$DOKKU_LIB_ROOT" \ + --extra-vars "app_config_root=$APP_DIR" \ + "$CMD_ARGS" \ + "$PRE_DEPLOY" } dokku-ansible-deploy-post-deploy() { 
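Review bot: `"$CMD_ARGS"` is expanded inside double quotes in the `ansible-playbook` call, so the whole string `--inventory <host>, --connection local` (plus the vault option when the file exists) reaches ansible-playbook as one argument instead of separate options. Build the options as an array: `local -a CMD_ARGS=(--inventory "$(hostname)," --connection local)`, then `CMD_ARGS+=(--vault-password-file "$VAULT_FILE")`, and pass `"${CMD_ARGS[@]}"`. That also keeps a vault path containing spaces intact, which dropping the quotes would not. The same construction is repeated in the post-deploy and post-delete hunks; the function body starts before this hunk.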
@@ -130,10 +142,27 @@ dokku-ansible-deploy-post-deploy() { dokku-ansible-deploy-validate-dependencies declare APP="$1" - declare POSTDEPLOY="$PLUGIN_CORE_AVAILABLE_PATH/ansible-deploy/scripts/postdeploy.py" + declare APP_DIR="$DOKKU_LIB_ROOT/data/deploy.d/$APP" + declare VAULT_FILE="$APP_DIR/.vault-password.sh" + declare POST_DEPLOY="$PLUGIN_CORE_AVAILABLE_PATH/ansible-deploy/plays/post_deploy.yml" dokku_col_log_info1_quiet "Running post-deploy steps" - /usr/bin/python3 "$POSTDEPLOY" "$APP" + + # shellcheck disable=SC2155 + local CMD_ARGS="--inventory $(hostname), --connection local" + + if [[ -f $VAULT_FILE ]]; then + dokku_col_log_info1_quiet "$APP vault password file $VAULT_FILE discovered" + CMD_ARGS="${CMD_ARGS} --vault-password-file $VAULT_FILE" + fi + + dokku_col_log_info1_quiet "Running $POST_DEPLOY" + + ansible-playbook \ + --extra-vars "app=$APP" \ + --extra-vars "dokku_lib_root=$DOKKU_LIB_ROOT" \ + --extra-vars "app_config_root=$APP_DIR" \ "$CMD_ARGS" \ + "$POST_DEPLOY" } dokku-ansible-deploy-post-delete() { 
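Review bot: In the post-deploy `ansible-playbook` call, `"$CMD_ARGS"` appears to share a line with `--extra-vars "app_config_root=$APP_DIR" \`, since no `+` marker precedes it as it does in the pre-deploy and post-delete hunks. If that is how the file reads, the backslash escapes a space instead of continuing the line, and the escaped space lands in the argument list, either as its own argument or glued to the front of the options string. Move it to its own continuation line, `--extra-vars "app_config_root=$APP_DIR" \` followed by `"$CMD_ARGS" \`. The whitespace on this page is collapsed, so confirm against the file before changing it.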
@@ -143,8 +172,26 @@ dokku-ansible-deploy-post-delete() { dokku-ansible-deploy-validate-dependencies declare APP="$1" - declare POSTDELETE="$PLUGIN_CORE_AVAILABLE_PATH/ansible-deploy/scripts/postdelete.py" + declare APP_DIR="$DOKKU_LIB_ROOT/data/deploy.d/$APP" + declare VAULT_FILE="$APP_DIR/.vault-password.sh" + declare POST_DELETE="$PLUGIN_CORE_AVAILABLE_PATH/ansible-deploy/plays/post_delete.yml" dokku_col_log_info1_quiet "Running post-delete steps" - /usr/bin/python3 "$POSTDELETE" + + # shellcheck disable=SC2155 + local CMD_ARGS="--inventory $(hostname), --connection local" + + if [[ -f $VAULT_FILE ]]; then + dokku_col_log_info1_quiet "$APP vault password file $VAULT_FILE discovered" + CMD_ARGS="${CMD_ARGS} --vault-password-file $VAULT_FILE" + fi + + dokku_col_log_info1_quiet "Running $POST_DELETE" + + ansible-playbook \ + --extra-vars "app=$APP" \ + --extra-vars "dokku_lib_root=$DOKKU_LIB_ROOT" \ + --extra-vars "app_config_root=$APP_DIR" \ + "$CMD_ARGS" \ + "$POST_DELETE" } diff --git a/plays/lib/config.yml b/plays/lib/config.yml new file mode 100644 index 0000000..6e38856 --- /dev/null +++ b/plays/lib/config.yml @@ -0,0 +1,7 @@ +--- +- name: Load app config into playbook context + include_vars: + dir: "{{ app_config_root }}" + extensions: + - yml + - yaml diff --git a/plays/lib/database.yml b/plays/lib/database.yml new file mode 100644 index 0000000..96c99bf --- /dev/null +++ b/plays/lib/database.yml @@ -0,0 +1,25 @@ +--- +- name: "Create {{ db['type'] }} database" + no_log: true + shell: " + dokku + {{ db['type'] }}:create + {{ app }} + --password {{ db_passwd }} + --root-password {{ root_db_passwd }} + " + args: + creates: "/var/lib/dokku/services/{{ db['type'] }}/{{ app }}" + +- name: Link mariadb database to application + dokku_service_link: + app: keycloak + name: keycloak + service: mariadb + +- name: Specify mariadb docker volume mounts + dokku_storage: + app: keycloak + mounts: + - /var/lib/dokku/services/mariadb/keycloak:/var/lib/mysql + 
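Review bot: The vault password file is accepted on a bare `[[ -f $VAULT_FILE ]]` test and then handed to `--vault-password-file`. Ansible executes that file when its executable bit is set, and the `.sh` name suggests that is the intent, so anyone able to write into `$APP_DIR` decides what the deploy hook runs; the diff does not show who can write there. Before adding the option, require that the file is owned by the invoking user and is not group- or world-writable, for example `[[ -f "$VAULT_FILE" && -O "$VAULT_FILE" ]]` plus a mode check, and log a warning and skip it otherwise. The same block appears in the pre-deploy and post-deploy hunks, so a shared helper would keep the check in one place.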
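Review bot: In plays/lib/config.yml, `include_vars` with `dir: "{{ app_config_root }}"` recurses into subdirectories by default, so this task also picks up the `.yml`/`.yaml` files under `{{ app_config_root }}/vault/`. plays/lib/vault.yml loads those separately behind a `stat` guard. If they are vault-encrypted and no `.vault-password.sh` was found, the run would presumably fail at this task rather than skip the vault step. Adding `depth: 1` to the task keeps plain config loading and vault loading apart.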
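Review bot: In plays/lib/database.yml, the `shell` task interpolates `{{ db_passwd }}` and `{{ root_db_passwd }}` unquoted into a command line, so a password containing spaces or shell metacharacters is split or interpreted by the shell. Both values are also visible in the process list while `dokku` runs, because `no_log: true` only hides them from Ansible's output. Quote each templated value with the `quote` filter, e.g. `--password {{ db_passwd | quote }}`, or switch to `command` with an `argv` list, and prefer passing the password outside argv if the plugin supports that. Separately, the first task is parameterised on `{{ db['type'] }}` and `{{ app }}` while the link and storage tasks hard-code `mariadb` and `keycloak`, so the file is only consistent for that one app.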
diff --git a/plays/lib/domain.yml b/plays/lib/domain.yml
new file mode 100644
index 0000000..d1dffbc
--- /dev/null
+++ b/plays/lib/domain.yml
@@ -0,0 +1,7 @@
+---
+- name: "Configure {{ domain }} domain with Dokku"
+ dokku_domains:
+ app: "{{ app }}"
+ domains:
+ - "{{ domain }}"
+ state: present
diff --git a/plays/lib/vault.yml b/plays/lib/vault.yml
new file mode 100644
index 0000000..6bb2180
--- /dev/null
+++ b/plays/lib/vault.yml
@@ -0,0 +1,13 @@
+---
+- name: Check if vault variables are available for loading
+ stat:
+ path: "{{ app_config_root }}/vault/"
+ register: vault_dir
+
+- name: Load vault variables into playbook context
+ include_vars:
+ dir: "{{ app_config_root }}/vault/"
+ extensions:
+ - yml
+ - yaml
+ when: vault_dir.stat.exists
diff --git a/plays/postdelete.yml b/plays/post_delete.yml
similarity index 100%
rename from plays/postdelete.yml
rename to plays/post_delete.yml
diff --git a/plays/postdeploy.yml b/plays/post_deploy.yml
similarity index 100%
rename from plays/postdeploy.yml
rename to plays/post_deploy.yml
diff --git a/plays/pre_deploy.yml b/plays/pre_deploy.yml
new file mode 100644
index 0000000..7ebf024
--- /dev/null
+++ b/plays/pre_deploy.yml
@@ -0,0 +1,27 @@
+---
+- hosts: all
+ gather_facts: false
+ tasks:
+ - name: Include config tasks
+ include: ./lib/config.yml
+
+ - name: Include vault tasks
+ include: ./lib/vault.yml
+
+ - name: Include domain tasks
+ include: ./lib/domain.yml
+
+ - name: Configure the dokku app environment
+ dokku_config:
+ app: keycloak
+ restart: false
+ config:
+ DB_ADDR: "dokku-mariadb-keycloak:3306"
+ DB_DATABASE: "keycloak"
+ DB_PASSWORD: "{{ db_passwd }}"
+ DB_USER: "mariadb" # https://github.com/dokku/dokku-mariadb/issues/89
+ DB_VENDOR: "mariadb"
+ DOKKU_LETSENCRYPT_EMAIL: "{{ autonomic_admin_mail }}"
+ KEYCLOAK_PASSWORD: "{{ autonomic_admin_pass }}"
+ KEYCLOAK_USER: "{{ autonomic_admin_user }}"
+ PROXY_ADDRESS_FORWARDING: "{{ proxy_address_forwarding }}"
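Review bot: The `dokku_config` task in plays/pre_deploy.yml passes `DB_PASSWORD` and `KEYCLOAK_PASSWORD` without `no_log: true`. Unless the module itself masks its `config` parameter, those values can appear in task output at higher verbosity or on failure, so add `no_log: true` as plays/lib/database.yml does. The task also hard-codes `app: keycloak` and `dokku-mariadb-keycloak` even though the hook passes `app` through `--extra-vars`, so the generic pre-deploy play only fits one app; `app: "{{ app }}"` would match plays/lib/domain.yml. The three `include:` entries use a keyword Ansible has deprecated in favour of `include_tasks:` / `import_tasks:`.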
diff --git a/plays/predeploy.yml b/plays/predeploy.yml
deleted file mode 100644
index ed97d53..0000000
--- a/plays/predeploy.yml
+++ /dev/null
@@ -1 +0,0 @@
----
diff --git a/scripts/postdelete.py b/scripts/postdelete.py
deleted file mode 100644
index aa1d221..0000000
--- a/scripts/postdelete.py
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env python3
-
-
-def postdelete():
- """Post-delete steps."""
- pass
-
-
-if __name__ == '__main__':
- postdelete()
diff --git a/scripts/postdeploy.py b/scripts/postdeploy.py
deleted file mode 100644
index b39832a..0000000
--- a/scripts/postdeploy.py
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env python3
-
-
-def postdeploy():
- """Post-deploy steps."""
- pass
-
-
-if __name__ == '__main__':
- postdeploy()
diff --git a/scripts/predeploy.py b/scripts/predeploy.py
deleted file mode 100644
index 91de252..0000000
--- a/scripts/predeploy.py
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/env python3
-
-from subprocess import check_output
-from os.path import exists
-from ruamel.yaml import YAML
-from argparse import ArgumentParser
-
-yaml = YAML()
-
-def yaml_load_file(target):
- """Load a YAML file."""
- try:
- with open(target, "r") as handle:
- return yaml.load(handle.read())
- except Exception as exception:
- msg = "-----> Failed to load {}, saw {}".format(target, str(exception))
- print(msg)
-
-
-def load_config(app_config_path):
- """Load the config.yml if it exists."""
- config = "{}/vault/config.yml".format(app_config_path)
-
- if exists(config):
- print("-----> Loading {}".format(config))
- return yaml_load_file(config)
-
- print("-----> No {} discovered, moving on".format(config))
-
-
-def pre_deploy(app, app_config_path, plugin_path):
- """Pre-deploy steps."""
- config = load_config(app_config_path)
-
- cmd = [
- "ansible-playbook",
- ""
- ]
-
-
-if __name__ == '__main__':
- parser = ArgumentParser()
- parser.add_argument("--app", help="app name")
- parser.add_argument("--app-config-path", help="app config path")
- parser.add_argument("--plugin-path", help="plugin path")
- args = parser.parse_args()
- pre_deploy(args.app, args.app_config_path, args.plugin_path)