diff --git a/tasks/instance.yml b/tasks/instance.yml
index 6d204ab80402f30daf583b099b0dfb308e0af973..45f1585571ece41977ff6d40f9a0cfd6cae5c84b 100644
--- a/tasks/instance.yml
+++ b/tasks/instance.yml
@@ -19,18 +19,38 @@
     - name: Diff Valkey conf file as the file is too big for the template module diff mode
       block:
 
+        # ansible.builtin.tempfile can't be used in check mode
+        - name: "Set a fact for a random string for a TMP directory for {{ valkey_instance.name }}"
+          ansible.builtin.set_fact:
+            valkey_random: "{{ lookup('community.general.random_string', length=12) }}"
+          check_mode: false
+          changed_when: false
+
+        - name: "TMP directory present for {{ valkey_instance.name }}"
+          ansible.builtin.file:
+            path: "/tmp/{{ valkey_random }}"
+            state: directory
+            mode: "0700"
+            owner: valkey
+            group: valkey
+          check_mode: false
+          changed_when: false
+
         - name: "Write Valkey conf file to TMPDIR for {{ valkey_instance.name }}"
           ansible.builtin.template:
             src: valkey.conf.j2
-            dest: "/tmp/{{ valkey_instance.config_file | ansible.builtin.basename }}"
+            dest: "/tmp/{{ valkey_random }}/{{ valkey_instance.config_file | ansible.builtin.basename }}"
             owner: valkey
             group: valkey
-            mode: "0640"
+            mode: "0600"
           check_mode: false
           changed_when: false
 
         - name: "Diff Valkey conf file for {{ valkey_instance.name }}"
-          ansible.builtin.command: "diff -s --suppress-common-lines --ignore-matching-lines='^#' --color=never {{ valkey_instance.config_file }} /tmp/{{ valkey_instance.config_file | ansible.builtin.basename }}"
+          ansible.builtin.command: >-
+            diff -s --suppress-common-lines --ignore-matching-lines='^#' --color=never
+            {{ valkey_instance.config_file }}
+            /tmp/{{ valkey_random }}/{{ valkey_instance.config_file | ansible.builtin.basename -}}
           check_mode: false
           changed_when: false
           register: valkey_instance_config_diff
@@ -40,12 +60,14 @@
           ansible.builtin.debug:
             var: valkey_instance_config_diff.stdout_lines
           vars:
-            valkey_instance_diff_files: "{{ valkey_instance.config_file }} /tmp/{{ valkey_instance.config_file | ansible.builtin.basename }}"
+            valkey_instance_diff_files: >-
+              {{- valkey_instance.config_file }}
+              /tmp/{{ valkey_random }}/{{ valkey_instance.config_file | ansible.builtin.basename -}}
           when: valkey_instance_config_diff.rc == 1
 
         - name: "TMPDIR absent for {{ valkey_instance.name }}"
           ansible.builtin.file:
-            path: "{{ valkey_instance.config_file }} /tmp/{{ valkey_instance.config_file | ansible.builtin.basename }}"
+            path: "/tmp/{{ valkey_random }}"
             state: absent
           check_mode: false
           changed_when: false
@@ -60,9 +82,7 @@
         dest: "{{ valkey_instance.config_file }}"
         owner: valkey
         group: valkey
-        mode: "0640"
-        backup: true
-      when: not ansible_diff_mode | bool
+        mode: "0600"
 
   tags:
     - valkey