diff --git a/ansible/convention.yaml b/ansible/convention.yaml
index a382d78..5fac38d 100644
--- a/ansible/convention.yaml
+++ b/ansible/convention.yaml
@@ -33,6 +33,6 @@
   tags:
     - "always"
     - "init"
+    - "site"
     - "[service_name]"
-
 # when: "'tags' is not in ansible_run_tags"
diff --git a/config/secrets/edit_secret.sh b/config/secrets/edit_secret.sh
index c171355..d8e9150 100755
--- a/config/secrets/edit_secret.sh
+++ b/config/secrets/edit_secret.sh
@@ -19,7 +19,11 @@ log() {
     local timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
     local level="$1"
     local msg="$2"
-    echo "time=\"$timestamp\" level=\"$level\" msg=\"$msg\" source=\"edit_secret.sh\"">&2
+    if [ "$level" == "error" ]; then
+        echo "time=\"$timestamp\" level=\"$level\" msg=\"$msg\" source=\"edit_secret.sh\"">&2
+    else
+        echo "time=\"$timestamp\" level=\"$level\" msg=\"$msg\" source=\"edit_secret.sh\"">&1
+    fi
 }
 
 # Secret file check
@@ -58,9 +62,9 @@ cleanup() {
 trap cleanup EXIT
 
 # Get GPG password from prompt
-echo -n "Enter GPG passphrase: " >&2
+echo -n "Enter GPG passphrase: " >&1
 read -s GPG_PASSPHRASE
-echo "" >&2
+echo "" >&1
 
 # Decrypt age-key on the tmpfs (memory)
 echo "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 \