diff --git a/roles/proxmox_lxc_provision/README.md b/roles/proxmox_lxc_provision/README.md
index 75f322d..ae4728d 100755
--- a/roles/proxmox_lxc_provision/README.md
+++ b/roles/proxmox_lxc_provision/README.md
@@ -62,7 +62,9 @@ It also includes tasks which may be used individually:
 | `lxc_storage` | Target storage for the container | `local-zfs` |
 | `lxc_size` | Disk size in GB | `16` |
 | `lxc_disk` | The target storage and storage size | `local-zfs:16` |
-| `lxc_password` | The password for the root account | - |
+| `lxc_root_password` | Password for the root account. On creates from `lxc_template` it is set via the Proxmox API; on clones it is applied inside the container by `post-clone.yml`. | - |
+| `lxc_user_name` | Name of an additional non-root user to manage in `post-clone.yml` (clone path only). | `admin` |
+| `lxc_user_password` | Password for `lxc_user_name`. Only applied on the clone path via `post-clone.yml`. The user must already exist in the source template. | - |
 | `lxc_cores` | The number of CPU cores | `4` |
 | `lxc_memory` | Memory size in MB | `2048` |
 | `lxc_swap` | Swap memory size in MB | `2048` |
diff --git a/roles/proxmox_lxc_provision/defaults/main.yml b/roles/proxmox_lxc_provision/defaults/main.yml
index 1833ea8..e803cfd 100755
--- a/roles/proxmox_lxc_provision/defaults/main.yml
+++ b/roles/proxmox_lxc_provision/defaults/main.yml
@@ -25,3 +25,4 @@ lxc_nvidia_gpu_mount: false
 lxc_tags: ["ansible-managed"]
 lxc_clone_type: full
 lxc_start: true
+lxc_user_name: admin
diff --git a/roles/proxmox_lxc_provision/tasks/create.yml b/roles/proxmox_lxc_provision/tasks/create.yml
index b3bac4c..d586085 100755
--- a/roles/proxmox_lxc_provision/tasks/create.yml
+++ b/roles/proxmox_lxc_provision/tasks/create.yml
@@ -3,7 +3,7 @@
   community.proxmox.proxmox:
     vmid: "{{ lxc_vmid | default(omit) }}"
     hostname: "{{ lxc_hostname }}"
-    password: "{{ lxc_password }}"
+    password: "{{ lxc_root_password | default(omit) }}"
     ostemplate: "{{ lxc_template }}"
     cores: "{{ lxc_cores }}"
     memory: "{{ lxc_memory }}"
diff --git a/roles/proxmox_lxc_provision/tasks/post-clone.yml b/roles/proxmox_lxc_provision/tasks/post-clone.yml
index 7977e48..4f6ee8a 100755
--- a/roles/proxmox_lxc_provision/tasks/post-clone.yml
+++ b/roles/proxmox_lxc_provision/tasks/post-clone.yml
@@ -2,16 +2,16 @@
 - name: Change root password
   ansible.builtin.user:
     name: root
-    password: "{{ lxc_password | password_hash('sha512') }}"
+    password: "{{ lxc_root_password | password_hash('sha512') }}"
     update_password: always
-  when: lxc_password is defined
+  when: lxc_root_password is defined
 
-- name: Change admin password
+- name: Change user password
   ansible.builtin.user:
-    name: admin
-    password: "{{ password | password_hash('sha512') }}"
+    name: "{{ lxc_user_name }}"
+    password: "{{ lxc_user_password | password_hash('sha512') }}"
     update_password: always
-  when: password is defined
+  when: lxc_user_password is defined
 
 - name: Regenerate SSH host keys
   ansible.builtin.include_role:
diff --git a/roles/proxmox_lxc_provision/tasks/update.yml b/roles/proxmox_lxc_provision/tasks/update.yml
index 932f977..f5aa2a8 100755
--- a/roles/proxmox_lxc_provision/tasks/update.yml
+++ b/roles/proxmox_lxc_provision/tasks/update.yml
@@ -3,7 +3,7 @@
   community.proxmox.proxmox:
     vmid: "{{ lxc_vmid }}"
     hostname: "{{ lxc_hostname }}"
-    password: "{{ lxc_password | default(omit) }}"
+    password: "{{ lxc_root_password | default(omit) }}"
     cores: "{{ lxc_cores }}"
     memory: "{{ lxc_memory }}"
     swap: "{{ lxc_swap }}"