## MODIFIED Requirements

### Requirement: Trojan credentials are managed via Ansible Vault
The landing server's Trojan password SHALL default to an auto-generated value from `credentials/trojan_password`, with manual override supported. The Trojan port SHALL remain fixed at 443 for HTTPS camouflage.

#### Scenario: Password uses auto-generated default
- **WHEN** the trojan role runs without manual overrides
- **THEN** the password comes from `credentials/` lookup value

#### Scenario: Port remains 443
- **WHEN** the trojan role runs
- **THEN** the Trojan port is 443 (not randomized, required for HTTPS camouflage)