diff --git a/roles/keytab/tasks/main.yml b/roles/keytab/tasks/main.yml
index 70dff70..c4e5496 100644
--- a/roles/keytab/tasks/main.yml
+++ b/roles/keytab/tasks/main.yml
@@ -24,7 +24,7 @@
     argv:
       - base64
       - "/tmp/{{ inventory_hostname }}.kt"
-    register: keytab_data
+  register: keytab_data
   delegate_to: ldap01.home.foo.sh
   when: not keytab_status.stat.exists
 
@@ -37,8 +37,9 @@
 
 - name: Deploy keytab file
   ansible.builtin.shell: >-
+    set -o pipefail &&
     umask 077 &&
-    echo '{{ keytab_data.stdout }}' | base64 -d > {{ keytab }}
+    echo '{{ keytab_data.stdout }}' | base64 -d > "{{ keytab }}"
   when: not keytab_status.stat.exists
 
 - name: Check keytab permissions