diff --git a/roles/vpn-wireguard/tasks/backup/main.yml b/roles/vpn-wireguard/tasks/backup/main.yml
index d368fd1c..35f5fd28 100644
--- a/roles/vpn-wireguard/tasks/backup/main.yml
+++ b/roles/vpn-wireguard/tasks/backup/main.yml
@@ -21,6 +21,7 @@
 
 - name: Store the public and the private keys in the password store
   when: creds.store == 'community.general.passwordstore'
+  tags: backup
   block:
     - name: Store the private key
       no_log: '{{ hide_secrets }}'
@@ -33,12 +34,12 @@
         _: >-
           {{ lookup(creds.store, creds.prefix + "/wireguard/public-key",
           create=true, missing="create", userpass=public_key) }}
-  tags: backup
 
 - name: Store the public and the private keys in plain text files
   when: creds.store == 'ansible.builtin.password'
   delegate_to: localhost
   become: false
+  tags: backup
   block:
     - name: Create credentials directory
       ansible.builtin.file:
@@ -56,4 +57,3 @@
         content: '{{ public_key }}'
         dest: '{{ backup_directory }}/wireguard/public-key'
         mode: '0600'
-  tags: backup
diff --git a/roles/vpn-wireguard/tasks/restore/main.yml b/roles/vpn-wireguard/tasks/restore/main.yml
index 8490b7f1..a0dca491 100644
--- a/roles/vpn-wireguard/tasks/restore/main.yml
+++ b/roles/vpn-wireguard/tasks/restore/main.yml
@@ -1,12 +1,12 @@
 ---
 
-- name: load the public key from the credentials store
+- name: Load the public key from the credentials store
   ansible.builtin.set_fact:
     public_key: >-
       {{ lookup(creds.store, creds.prefix + "/wireguard/public-key") }}
   tags: restore
 
-- name: load the private key from the credentials store
+- name: Load the private key from the credentials store
   no_log: '{{ hide_secrets }}'
   ansible.builtin.set_fact:
     private_key: >-