diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml
index cdcbcc04e..42a08712b 100644
--- a/roles/matrix-backup-borg/defaults/main.yml
+++ b/roles/matrix-backup-borg/defaults/main.yml
@@ -41,7 +41,7 @@ matrix_backup_borg_encryption: repokey-blake2
 matrix_backup_borg_ssh_key_private: ""
 # allow unencrypted repo access
-matrix_backup_borg_unknown_unencrypted_access: false
+matrix_backup_borg_unknown_unencrypted_repo_access_is_ok: false
 # borg ssh command with ssh key
 matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey
diff --git a/roles/matrix-backup-borg/tasks/validate_config.yml b/roles/matrix-backup-borg/tasks/validate_config.yml
index 4d3fb1c8a..6069a12bc 100644
--- a/roles/matrix-backup-borg/tasks/validate_config.yml
+++ b/roles/matrix-backup-borg/tasks/validate_config.yml
@@ -7,4 +7,12 @@
 with_items:
 - "matrix_backup_borg_ssh_key_private"
 - "matrix_backup_borg_location_repositories"
- - "matrix_backup_borg_storage_encryption_passphrase"
+# - "matrix_backup_borg_storage_encryption_passphrase"
+# when: "matrix_backup_borg_unknown_unencrypted_repo_access_is_ok == false"
+# - "matrix_backup_borg_storage_encryption_passphrase"
+
+- name: Fail if encryption passphrase is undefined unless repository is unencrypted
+ fail:
+ msg: >-
+ You need to define a required passphrase.
+ when: "matrix_backup_borg_storage_encryption_passphrase == '' and not matrix_backup_borg_encryption == 'none'"
diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2
index 8a2d86f2a..ed22309fc 100644
--- a/roles/matrix-backup-borg/templates/config.yaml.j2
+++ b/roles/matrix-backup-borg/templates/config.yaml.j2
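Review bot: The new `when:` in validate_config.yml compares the passphrase only with `''`, so a null or whitespace-only value passes validation while `matrix_backup_borg_encryption` still requests an encrypted repository. A stricter condition would be `when: "matrix_backup_borg_encryption != 'none' and (matrix_backup_borg_storage_encryption_passphrase | default('', true) | string | trim) == ''"`. The failure message should name the variable and the opt-out, for example `You need to define matrix_backup_borg_storage_encryption_passphrase, or set matrix_backup_borg_encryption to 'none' to store backups unencrypted.`, so that choosing unencrypted backups is an explicit decision. The three commented-out lines left in the `with_items:` list should be dropped, because the commented `when:` suggests that `matrix_backup_borg_unknown_unencrypted_repo_access_is_ok` controls the passphrase requirement, which it does not. The task that owns `with_items:` starts above the hunk.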
@@ -11,7 +11,7 @@ storage:
 ssh_command: {{ matrix_backup_borg_storage_ssh_command }}
 archive_name_format: '{{ matrix_backup_borg_storage_archive_name_format }}'
 encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }}
- unknown_unencrypted_repo_access_is_ok: {{ matrix_backup_borg_unknown_unencrypted_access }}
+ unknown_unencrypted_repo_access_is_ok: {{ matrix_backup_borg_unknown_unencrypted_repo_access_is_ok|to_json }}
 retention:
 keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }}
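Review bot: `encryption_passphrase` on the context line just above the change is still rendered as a bare YAML scalar, while only the boolean gained `|to_json`. A passphrase containing ` #`, `: ` or a leading YAML indicator would be cut short or mis-typed when the rendered file is parsed, so the repository could be keyed with a different secret than the operator configured. The empty passphrase that validation now allows for `none` renders as a bare key, which parses as null. Suggest `encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }}` to match the line this hunk changes. The `storage:` mapping starts above the hunk.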