diff --git a/defaults/main.yml b/defaults/main.yml
index 6b14bd1..8a217b7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,13 @@
 ---
 # defaults file for provision_management_user
+provision_management_user_name: ansible
+provision_management_user_group: ansible
+provision_management_user_password: "*"
+provision_management_user_is_system: true
+provision_management_user_home: /opt/{{ provision_management_user_name }}
+provision_management_user_shell: /bin/bash
+provision_management_user_sudoer: false
+provision_management_user_add_ssh_key: false
+provision_management_user_ssh_key:
+provision_management_user_ssh_key_options: ""
+provision_management_user_ssh_key_exclusive: true
diff --git a/tasks/add_ssh_keys.yml b/tasks/add_ssh_keys.yml
new file mode 100644
index 0000000..165bf2e
--- /dev/null
+++ b/tasks/add_ssh_keys.yml
@@ -0,0 +1,9 @@
+---
+# task/add_ssh_keys file for provision_ansible_user
+- name: "Add key to authorized_keys"
+ ansible.posix.authorized_key:
+ user: "{{ provision_ansible_user_name }}"
+ key: "{{ provision_ansible_user_ssh_key }}"
+ comment: "{{ provision_ansible_user_name }}@{{ ansible_hostname }}"
+ key_options: "{{ provision_ansible_user_ssh_key_options }}"
+ exclusive: "{{ provision_ansible_user_ssh_key_exclusive }}"
diff --git a/tasks/create_user.yml b/tasks/create_user.yml
new file mode 100644
index 0000000..df6f61f
--- /dev/null
+++ b/tasks/create_user.yml
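Review bot: Every variable the new task files read is spelled `provision_ansible_user_*`, while this hunk defines `provision_management_user_*`, so `tasks/create_user.yml`, `tasks/add_ssh_keys.yml` and the `when:` in `tasks/main.yml` all reference names that no default provides and the role will stop with an undefined-variable error on its first templated task. The file headers call the role provision_management_user, so the task files look like the side to fix: rename the references, e.g. `user: "{{ provision_management_user_name }}"`, and update their header comments, which still say provision_ansible_user. Two smaller points in this hunk: `provision_management_user_ssh_key:` is a bare key that loads as null rather than an empty string (write `""` or `null` explicitly), and `provision_management_user_ssh_key_exclusive: true` means the default run removes every key already present in the user's authorized_keys, which deserves a comment such as `# true replaces the whole authorized_keys file; set false to append`.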
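Review bot: The `key:` argument is passed straight from the `*_ssh_key` variable, whose role default is a bare (null) value, so a play that enables `*_add_ssh_key` but forgets to set the key reaches authorized_key with whatever that null renders to instead of a clear error. A guard before this task would fail early with a readable message: `- ansible.builtin.assert:` / `that: provision_ansible_user_ssh_key | default('', true) | length > 0` / `fail_msg: "provision_ansible_user_ssh_key must be set when provision_ansible_user_add_ssh_key is true"`. Note also that the task name "Add key to authorized_keys" understates what happens when `exclusive:` resolves to true: the module then removes all other keys from the file, so the name or a comment above the task should say so.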
@@ -0,0 +1,27 @@
+---
+# task/create_user file for provision_ansible_user
+- name: "Create group {{ provision_ansible_user_group }}"
+ ansible.builtin.group:
+ name: "{{ provision_ansible_user_group }}"
+ state: present
+ system: "{{ provision_ansible_user_is_system }}"
+
+- name: "Create user {{ provision_ansible_user_name }}"
+ ansible.builtin.user:
+ name: "{{ provision_ansible_user_name }}"
+ comment: "Ansible service user"
+ password: "{{ provision_ansible_user_password }}"
+ group: "{{ provision_ansible_user_group }}"
+ home: "{{ provision_ansible_user_home }}"
+ shell: "{{ provision_ansible_user_shell }}"
+ system: "{{ provision_ansible_user_is_system }}"
+ create_home: true
+
+- name: "Add user to sudoers"
+ ansible.builtin.copy:
+ dest: "/etc/sudoers.d/{{ provision_ansible_user_name }}"
+ owner: root
+ group: root
+ mode: 0640
+ content: "{{ provision_ansible_user_name }} ALL=(ALL) NOPASSWD: ALL"
+ when: provision_ansible_user_sudoer
diff --git a/tasks/main.yml b/tasks/main.yml
index f2443af..6d4d78f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,2 +1,8 @@
 ---
 # task/main file for provision_management_user
+- name: "Import create_user.yml"
+ ansible.builtin.include_tasks: create_user.yml
+
+- name: "Import add_ssh_keys.yml"
+ ansible.builtin.include_tasks: add_ssh_keys.yml
+ when: provision_ansible_user_add_ssh_key
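Review bot: The sudoers task writes `/etc/sudoers.d/{{ ... }}` with plain `ansible.builtin.copy` and no `validate:`, so a malformed rendered value produces a file visudo would reject and can break sudo for every account on the host; add `validate: "/usr/sbin/visudo -cf %s"` to the copy task. In the same task `mode: 0640` is an unquoted octal (ansible-lint risky-octal) and is better written as a string, `mode: "0440"` being the usual sudoers.d permission, and the `content:` string ends without a newline, which some sudo releases report as a syntax error, so `content: "{{ provision_ansible_user_name }} ALL=(ALL) NOPASSWD: ALL\n"`. The create-user task passes `password:` through unchanged; with the role default `"*"` that disables password login, which is worth a comment on the task, e.g. `# "*" is not a valid hash, so password login stays disabled`.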
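Review bot: Both task names say "Import" while the tasks use `ansible.builtin.include_tasks`, which is a dynamic include rather than an import; either rename them (`- name: "Include create_user.yml"`) or switch to `ansible.builtin.import_tasks`. The distinction matters for the second task: with `include_tasks` the `when:` is evaluated once and skips the whole file, whereas with `import_tasks` it would be re-applied to every task in add_ssh_keys.yml, so keeping `include_tasks` and fixing the names is the smaller change.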