Remove insecure password

Is there a way to remove the insecure password which was set with installation?

There is no password set on install of modern versions, only a SSH key for the rancher user. `

[rancher@ros ~]$ sudo grep rancher /etc/shadow
rancher:*:17568:0:99999:7:::

There is on my system. We have enabled it at install to make sure we can access the node from console. (As in VMWare console)
Now I want to remove it. How?

Edit /etc/shadow and change the text between the 1st and 2nd : on the line starting with rancher to * (like above).

Ok, but it is not persistent. When I reboot the node password and reboot the node the password is set again.
When I view my cloud-config it shows that password is still available.

$ sudo ros config export | grep password
  password: << REMOVED >>
$

How are these booted? are you running from ISO? have you configured persistent storage?