diff --git a/roles/crowdsec/tasks/conf.yml b/roles/crowdsec/tasks/conf.yml index 2214c89..3b109c0 100644 --- a/roles/crowdsec/tasks/conf.yml +++ b/roles/crowdsec/tasks/conf.yml @@ -19,34 +19,20 @@ - db_pass: "{{ crowdsec_db_pass }}" tags: crowdsec -- name: Declare on the local API - command: cscli machines add {{ crowdsec_lapi_user }} --auto - register: crowdsec_lapi_add - when: inventory_hostname == crowdsec_lapi_server - changed_when: crowdsec_lapi_add.rc == 0 - failed_when: crowdsec_lapi_add.rc not in [0,1] - tags: crowdsec - -- when: inventory_hostname != crowdsec_lapi_server +- when: crowdsec_lapi_pass is not defined block: - - name: Register against the Local API - command: cscli lapi register --machine {{ crowdsec_lapi_user }} --url {{ crowdsec_lapi_url }} - register: crowdsec_lapi_registration - changed_when: crowdsec_lapi_registration.rc == 0 - failed_when: crowdsec_lapi_registration.rc not in [0,1] # RC 1 when machine already exists - notify: reload crowdsec - - - name: Validate crowdsec registration on the Local API server - command: cscli machines validate {{ crowdsec_lapi_user }} + - name: Declare on the local API + command: cscli machines add {{ crowdsec_lapi_user }} --auto --force --file /dev/stdout --output raw + register: crowdsec_lapi_credentials delegate_to: "{{ crowdsec_lapi_server }}" - when: crowdsec_lapi_registration.rc == 0 - + - set_fact: crowdsec_lapi_credentials_yaml={{ crowdsec_lapi_credentials.stdout | from_yaml }} + - copy: content={{ crowdsec_lapi_credentials_yaml.password }} dest=/etc/crowdsec/meta/lapi_pass mode=600 + - set_fact: crowdsec_lapi_pass={{ crowdsec_lapi_credentials_yaml.password }} tags: crowdsec - when: - crowdsec_capi_enabled - crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined - - not crowdsec_capi_user_file.stat.exists or not crowdsec_capi_pass_file.stat.exists block: - name: Register on the central API command: cscli capi register -o raw -f /dev/stdout 
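Review bot: The command output that now carries the LAPI machine password is captured by `register: crowdsec_lapi_credentials` and re-used by the following `set_fact` and `copy` tasks, so a `-v` run or the `--diff` output of the copy prints the password to the console and to any Ansible log. Add `no_log: true` to the `Declare on the local API` command, the `set_fact` and the `copy` task (or to the enclosing block) so the secret is never echoed. `--force` also regenerates the machine password on every host where `crowdsec_lapi_pass` is undefined, so losing `/etc/crowdsec/meta/lapi_pass` silently rotates the server-side credential; a comment such as `# lapi_pass is the only local copy; deleting it re-registers with --force and rotates the password` would warn the next maintainer. The central API registration block that begins at the end of this hunk continues outside it.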
@@ -58,21 +44,10 @@ - set_fact: crowdsec_capi_pass={{ crowdsec_capi_credentials_yaml.password }} tags: crowdsec -- when: - - crowdsec_capi_enabled - - crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined - - crowdsec_capi_user_file.stat.exists - - crowdsec_capi_pass_file.stat.exists - block: - - slurp: src=/etc/crowdsec/meta/capi_user - register: crowdsec_capi_user_meta - - set_fact: crowdsec_capi_user={{ crowdsec_capi_user_meta.content | b64decode | trim }} - - slurp: src=/etc/crowdsec/meta/capi_pass - register: crowdsec_capi_pass_meta - - set_fact: crowdsec_capi_pass={{ crowdsec_capi_pass_meta.content | b64decode | trim }} - tags: crowdsec - -- name: Deploy online credentials config - template: src=online_api_credentials.yaml.j2 dest=/etc/crowdsec/online_api_credentials.yaml mode=600 - notify: reload crowdsec +- name: Deploy credentials config + template: src={{ item }}_api_credentials.yaml.j2 dest=/etc/crowdsec/{{ item }}_api_credentials.yaml mode=600 + loop: + - online + - local + notify: restart crowdsec tags: crowdsec diff --git a/roles/crowdsec/tasks/facts.yml b/roles/crowdsec/tasks/facts.yml index 5fb9a3e..fe31470 100644 --- a/roles/crowdsec/tasks/facts.yml +++ b/roles/crowdsec/tasks/facts.yml @@ -43,6 +43,20 @@ - crowdsec_lapi_enabled tags: crowdsec +# Check if local API credentials are available in the meta dir +- name: Check local API credential files + stat: path=/etc/crowdsec/meta/lapi_pass + register: crowdsec_lapi_pass_file + tags: crowdsec + +- name: Read the local API pass + block: + - slurp: src=/etc/crowdsec/meta/lapi_pass + register: crowdsec_lapi_pass_meta + - set_fact: crowdsec_lapi_pass={{ crowdsec_lapi_pass_meta.content | b64decode | trim }} + when: crowdsec_lapi_pass is not defined and crowdsec_lapi_pass_file.stat.exists + tags: crowdsec + # Check if central API credentials are available in the meta dir - name: Check central API credential files block: 
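Review bot: The `online` item of the new loop is rendered on every host regardless of `crowdsec_capi_enabled`, while the registration that produces `crowdsec_capi_user`/`crowdsec_capi_pass` in this file is gated on it, so hosts with the central API disabled presumably rely on the template tolerating undefined variables, and a failure there now also blocks the `local` item queued behind it; a guard such as `when: item == 'local' or crowdsec_capi_enabled` makes the intent explicit. The rendered credential files are shown in full on `--diff` runs, so `no_log: true` on this task is worth considering. `mode=600` is parsed as octal in key=value form, but `mode=0600` avoids a decimal-600 surprise if the task is ever converted to block YAML.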
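Review bot: The slurped `crowdsec_lapi_pass_meta` result holds the base64 of the LAPI password and the following `set_fact` holds it decoded; both are printed on verbose runs, so the `Read the local API pass` block should carry `no_log: true`. The `when` on the block is applied to each task, which is fine since both tasks share the condition, but the password is read whenever the meta file exists without consulting `crowdsec_lapi_enabled` from the context above — if that is intentional, a one-line comment saying so would save the next reader a check.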
@@ -51,3 +65,20 @@ - stat: path=/etc/crowdsec/meta/capi_pass register: crowdsec_capi_pass_file tags: crowdsec + +- name: Read the central API user + block: + - slurp: src=/etc/crowdsec/meta/capi_user + register: crowdsec_capi_user_meta + - set_fact: crowdsec_capi_user={{ crowdsec_capi_user_meta.content | b64decode | trim }} + when: crowdsec_capi_user is not defined and crowdsec_capi_user_file.stat.exists + tags: crowdsec + +- name: Read the central API pass + block: + - slurp: src=/etc/crowdsec/meta/capi_pass + register: crowdsec_capi_pass_meta + - set_fact: crowdsec_capi_pass={{ crowdsec_capi_pass_meta.content | b64decode | trim }} + when: crowdsec_capi_pass is not defined and crowdsec_capi_pass_file.stat.exists + tags: crowdsec +
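Review bot: `crowdsec_capi_pass_meta` and the decoded `crowdsec_capi_pass` fact are shown on verbose runs, so the `Read the central API pass` block (and, for symmetry, the user block) should be marked `no_log: true`. These reads are not gated on `crowdsec_capi_enabled`, unlike the registration block in conf.yml, so a stale `/etc/crowdsec/meta/capi_*` pair keeps defining both facts after the central API is disabled; adding `crowdsec_capi_enabled` to both `when` clauses, e.g. `when: crowdsec_capi_enabled and crowdsec_capi_pass is not defined and crowdsec_capi_pass_file.stat.exists`, keeps the two files consistent.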