diff --git a/roles/web-app-keycloak/tasks/main.yml b/roles/web-app-keycloak/tasks/main.yml
index 474f919f..e60650b2 100644
--- a/roles/web-app-keycloak/tasks/main.yml
+++ b/roles/web-app-keycloak/tasks/main.yml
@@ -77,23 +77,16 @@
 }}
 include_tasks: _update.yml
-- name: "Update REALM mail settings"
+- name: "Update REALM mail settings from realm dictionary (SPOT)"
 include_tasks: _update.yml
 vars:
- kc_object_kind: "realm"
+ kc_object_kind: "realm"
 kc_lookup_field: "id"
 kc_lookup_value: "{{ KEYCLOAK_REALM }}"
 kc_desired:
- smtpServer:
- from: "no-reply@{{ DEFAULT_SYSTEM_EMAIL.DOMAIN }}"
- fromDisplayName: "{{ SOFTWARE_NAME | default('Infinito.Nexus') }}"
- host: "{{ DEFAULT_SYSTEM_EMAIL.HOST }}"
- port: "{{ DEFAULT_SYSTEM_EMAIL.PORT }}"
- # Keycloak expects strings "true"/"false"
- ssl: "{{ 'true' if not DEFAULT_SYSTEM_EMAIL.START_TLS and DEFAULT_SYSTEM_EMAIL.TLS else 'false' }}"
- starttls: "{{ 'true' if DEFAULT_SYSTEM_EMAIL.START_TLS else 'false' }}"
- user: "{{ DEFAULT_SYSTEM_EMAIL.USER | default('') }}"
- password: "{{ DEFAULT_SYSTEM_EMAIL.PASSWORD | default('') }}"
+ smtpServer: "{{ KEYCLOAK_DICTIONARY_REALM.smtpServer | default({}, true) }}"
+ kc_merge_path: "smtpServer"
+ no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 - include_tasks: 05_rbac_client_scope.yml
diff --git a/roles/web-app-keycloak/templates/import/realm.json.j2 b/roles/web-app-keycloak/templates/import/realm.json.j2
index a2c4ea9f..bcd44f9a 100644
--- a/roles/web-app-keycloak/templates/import/realm.json.j2
+++ b/roles/web-app-keycloak/templates/import/realm.json.j2
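Review bot: The `no_log` added on the last line of the task covers the `include_tasks` step itself; as far as I know Ansible does not propagate `no_log` from an `include_tasks` task to the tasks inside `_update.yml`, so whichever task there presumably posts `kc_desired` (which now carries `smtpServer.password` out of `KEYCLOAK_DICTIONARY_REALM`) needs its own `no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"` or the secret can still appear in verbose output. The removed comment `# Keycloak expects strings "true"/"false"` recorded a contract that this hunk silently moves to the realm dictionary; I would keep it above the new `smtpServer:` line as `# ssl/starttls/port inside KEYCLOAK_DICTIONARY_REALM.smtpServer must already be the strings "true"/"false" Keycloak expects`. The `kc_object_kind: "realm"` change is whitespace-only, and `(SPOT)` in the task name is not expanded anywhere in the hunk (presumably "single point of truth"); spelling it out would help the next reader. The enclosing task list continues outside the hunk.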
@@ -1443,20 +1443,7 @@
 "xXSSProtection": "1; mode=block",
 "strictTransportSecurity": "max-age=31536000; includeSubDomains"
 },
- "smtpServer": {
- "password": "{{ users['no-reply'].mailu_token }}",
- "replyToDisplayName": "",
- "starttls": "{{ SYSTEM_EMAIL.START_TLS | lower }}",
- "auth": "true",
- "port": "{{ SYSTEM_EMAIL.PORT }}",
- "replyTo": "",
- "host": "{{ SYSTEM_EMAIL.HOST }}",
- "from": "{{ users['no-reply'].email }}",
- "fromDisplayName": "Keycloak Authentification System - {{ KEYCLOAK_DOMAIN | upper }}",
- "envelopeFrom": "",
- "ssl": "true",
- "user": "{{ users['no-reply'].email }}"
- },
+ {%- include "smtp_server.json.j2" -%},
 "eventsEnabled": false,
 "eventsListeners": [
 "jboss-logging"
diff --git a/roles/web-app-keycloak/templates/import/smtp_server.json.j2 b/roles/web-app-keycloak/templates/import/smtp_server.json.j2
new file mode 100644
index 00000000..15a951b2
--- /dev/null
+++ b/roles/web-app-keycloak/templates/import/smtp_server.json.j2
@@ -0,0 +1,14 @@
+"smtpServer": {
+ "password": "{{ users['no-reply'].mailu_token }}",
+ "replyToDisplayName": "",
+ "starttls": "{{ SYSTEM_EMAIL.START_TLS | lower }}",
+ "auth": "true",
+ "port": "{{ SYSTEM_EMAIL.PORT }}",
+ "replyTo": "",
+ "host": "{{ SYSTEM_EMAIL.HOST }}",
+ "from": "{{ users['no-reply'].email }}",
+ "fromDisplayName": "Keycloak Authentication System - {{ KEYCLOAK_DOMAIN | upper }}",
+ "envelopeFrom": "",
+ "ssl": "{{ (SYSTEM_EMAIL.TLS and not SYSTEM_EMAIL.START_TLS) | ternary('true','false') }}",
+ "user": "{{ users['no-reply'].email }}"
+}
\ No newline at end of file
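Review bot: The `ssl` line in the new smtp_server.json.j2 replaces the hardcoded `"ssl": "true"` of the block removed from realm.json.j2 with a value derived from `SYSTEM_EMAIL.TLS` and `SYSTEM_EMAIL.START_TLS`, so when both flags are false the rendered realm carries `ssl` and `starttls` both `"false"` while `auth` stays `"true"`, and the `mailu_token` on the `password` line would presumably be sent over an unencrypted SMTP session. That combination should be rejected before rendering, for example with an `assert` in the role's tasks on `that: SYSTEM_EMAIL.TLS or SYSTEM_EMAIL.START_TLS` with a `fail_msg` naming both keys, or at minimum documented at the top of this file as `{# ssl and starttls are mutually exclusive by construction; one of SYSTEM_EMAIL.TLS / SYSTEM_EMAIL.START_TLS must be set or the SMTP credentials go over cleartext #}`. The `starttls` line still uses `| lower` where `ssl` uses `ternary('true','false')`; `lower` on a boolean also yields `"true"`/`"false"`, but one idiom for both reads better: `"starttls": "{{ SYSTEM_EMAIL.START_TLS | ternary('true','false') }}",`. The missing trailing newline is presumably deliberate for the `-%},` splice in realm.json.j2, but JSON tolerates whitespace before the comma, so a final newline would be harmless and keeps linters quiet.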