diff --git a/azure/terraform/README.md b/azure/terraform/README.md
index 96b8bbe..6d9091b 100644
--- a/azure/terraform/README.md
+++ b/azure/terraform/README.md
@@ -1,65 +1,71 @@
 # What
 
 Terraform allows to transparently declare our infrastructure as code.
 
 
 # The road so far
 
 Only the vault is defined within the `vault.tf` file.
 
 Vault is composed of:
 - one api allowing to request object cooking or retrieve cooked objects
   (objstorage, db)
 - this also uses a storage to read the swh archive (azure:
   storage0.euwest.azure)
 
 The vault.tf defines here:
 - existing:
   - subnet (reuse)
   - security-group (reuse)
 - new resource:
   - euwest-vault: to group together the allocated resource for the vault
   - vangogh-interface: to define an ip for the new server vangogh
   - vault-storage: storage account for the BlobStorage necessary for the
     objstorage api of the vault (including a container "contents" to actually
     store the blobs)
   - vault-server: the 'vangogh.euwest.azure' vm to actually serve the vault api
 
 # Install terraform
 
 https://learn.hashicorp.com/terraform/getting-started/install.html#installing-terraform
 
 # Login
 
 Through azure cli (for now)
 
 ```
 az login
 ```
 
 # Init
 
 ```
 terraform init
 ```
 
 # Plan changes
 
 This will compute all *.tf files present in the folder and compute a
 differential plan:
 
 ```
 terraform plan
 ```
 
-Note: It might be a good idea to change the `variables.tf` file to adapt for
-example the admin user and its associated public key
-
 # Apply changes
 
 Same as previous command except that it applies the diff to the infra
 (interactive):
 
 ```
 terraform apply
 ```
+
+Note: adapt the `init.tf` file with the admin user's associated public key
+first. That will allow you to connect (ssh) to the new nodes you created (if
+any).
+
+# Arborescence
+
+- init.tf: Common resources in our azure infrastructure
+- vault.tf: Vault node definition
diff --git a/azure/terraform/init.tf b/azure/terraform/init.tf
new file mode 100644
index 0000000..ec215b2
--- /dev/null
+++ b/azure/terraform/init.tf
@@ -0,0 +1,33 @@
+# Keyword use:
+# - provider: Define the provider(s)
+# - data: Retrieve data information to be used within the file
+# - resource: Define resource and create/update
+
+# Configure the Microsoft Azure Provider
+# Empty if using the `az login` tool
+provider "azurerm" {
+  version             = "~> 1.27"
+}
+
+# Reuse the network security group as defined currently
+data "azurerm_network_security_group" "worker-nsg" {
+  name                = "worker-nsg"
+  resource_group_name = "swh-resource"
+}
+
+# Same for the subnet
+data "azurerm_subnet" "default" {
+  name                 = "default"
+  virtual_network_name = "swh-vnet"
+  resource_group_name  = "swh-resource"
+}
+
+variable "ssh_key_data" {
+  type = "string"
+  default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZarzgHrzUYspvrgSI6fszrALo92BDys7QOkJgUfZa9t9m4g7dUANNtwBiqIbqijAQPmB1zKgG6QTZC5rJkRy6KqXCW/+Qeedw/FWIbuI7jOD5WxnglbEQgvPkkB8kf1xIF7icRfWcQmK2je/3sFd9yS4/+jftNMPPXkBCxYm74onMenyllA1akA8FLyujLu6MNA1D8iLLXvz6pBDTT4GZ5/bm3vSE6Go8Xbuyu4SCtYZSHaHC2lXZ6Hhi6dbli4d3OwkUWz+YhFGaEra5Fx45Iig4UCL6kXPkvL/oSc9KGerpT//Xj9qz1K7p/IrBS8+eA4X69bHYYV0UZKDADZSn ardumont@yavin4"
+}
+
+variable "user_admin" {
+    type = "string"
+    default = "root"
+}
diff --git a/azure/terraform/variables.tf b/azure/terraform/variables.tf
deleted file mode 100644
index d0b07b1..0000000
--- a/azure/terraform/variables.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-variable "ssh_key_data" {
-  type = "string"
-  default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZarzgHrzUYspvrgSI6fszrALo92BDys7QOkJgUfZa9t9m4g7dUANNtwBiqIbqijAQPmB1zKgG6QTZC5rJkRy6KqXCW/+Qeedw/FWIbuI7jOD5WxnglbEQgvPkkB8kf1xIF7icRfWcQmK2je/3sFd9yS4/+jftNMPPXkBCxYm74onMenyllA1akA8FLyujLu6MNA1D8iLLXvz6pBDTT4GZ5/bm3vSE6Go8Xbuyu4SCtYZSHaHC2lXZ6Hhi6dbli4d3OwkUWz+YhFGaEra5Fx45Iig4UCL6kXPkvL/oSc9KGerpT//Xj9qz1K7p/IrBS8+eA4X69bHYYV0UZKDADZSn ardumont@bespin"
-}
-
-variable "user_admin" {
-    type = "string"
-    default = "ardumont"
-}
diff --git a/azure/terraform/vault.tf b/azure/terraform/vault.tf
index e1834e7..372452f 100644
--- a/azure/terraform/vault.tf
+++ b/azure/terraform/vault.tf
@@ -1,111 +1,87 @@
-# Keyword use:
-# - provider: Define the provider(s)
-# - data: Retrieve data information to be used within the file
-# - resource: Define resource and create/update
-
-# Configure the Microsoft Azure Provider
-# Empty if using the `az login` tool
-provider "azurerm" {
-  version             = "~> 1.27"
-}
-
-# Reuse the network security group as defined currently
-data "azurerm_network_security_group" "worker-nsg" {
-  name                = "worker-nsg"
-  resource_group_name = "swh-resource"
-}
-
-# Same for the subnet
-data "azurerm_subnet" "default" {
-  name                 = "default"
-  virtual_network_name = "swh-vnet"
-  resource_group_name  = "swh-resource"
-}
-
 # Define a new resource for the vault
 # matching what we name elsewhere "euwest-${resource}"
 
 resource "azurerm_resource_group" "euwest-vault" {
   name     = "euwest-vault"
   location = "westeurope"
 
   tags {
       environment = "SWH Vault"
   }
 }
 
 resource "azurerm_network_interface" "vangogh-interface" {
   name                = "vangogh-interface"
   location            = "westeurope"
   resource_group_name = "euwest-vault"
   network_security_group_id = "${data.azurerm_network_security_group.worker-nsg.id}"
 
   ip_configuration {
     name                          = "vaultNicConfiguration"
     subnet_id                     = "${data.azurerm_subnet.default.id}"
     public_ip_address_id          = ""
     private_ip_address_allocation = "Dynamic"
   }
 }
 
 # Blobstorage as defined in task
 resource "azurerm_storage_account" "vault-storage" {
   name                     = "swhvaultstorage"
   resource_group_name      = "${azurerm_resource_group.euwest-vault.name}"
   location                 = "westeurope"
   account_tier             = "Standard"
   account_replication_type = "LRS"
   account_kind             = "BlobStorage"
   access_tier              = "Cool"
   tags {
       environment = "SWH Vault"
   }
 }
 
 # A container for the blob storage named 'contents' (as other blob storages)
 resource "azurerm_storage_container" "contents" {
   name                  = "contents"
   resource_group_name   = "${azurerm_resource_group.euwest-vault.name}"
   storage_account_name  = "${azurerm_storage_account.vault-storage.name}"
   container_access_type = "private"
 }
 
 resource "azurerm_virtual_machine" "vault-server" {
   name                  = "vangogh"
   location              = "westeurope"
   resource_group_name   = "euwest-vault"
   network_interface_ids = ["${azurerm_network_interface.vangogh-interface.id}"]
   vm_size               = "Standard_B2ms"
 
   storage_os_disk {
     name              = "vangogh-osdisk"
     caching           = "ReadWrite"
     create_option     = "FromImage"
     managed_disk_type = "Premium_LRS"
   }
 
   storage_image_reference {
     publisher = "credativ"
     offer     = "Debian"
     sku       = "9"
     version   = "latest"
   }
 
   # (Va)ngogh <-> (Va)ult
   os_profile {
     computer_name  = "vangogh"
     admin_username = "${var.user_admin}"
   }
 
   os_profile_linux_config {
     disable_password_authentication = true
     ssh_keys {
       path = "/home/${var.user_admin}/.ssh/authorized_keys"
       key_data = "${var.ssh_key_data}"
     }
   }
 
   tags {
       environment = "SWH Vault"
   }
 }