diff --git a/roles/crowdsec/defaults/main.yml b/roles/crowdsec/defaults/main.yml
index 4c5eba2..3011b9b 100644
--- a/roles/crowdsec/defaults/main.yml
+++ b/roles/crowdsec/defaults/main.yml
@@ -35,6 +35,10 @@ crowdsec_lapi_server: "{{ inventory_hostname }}"
 # Use the central API, to share your banned IP, and received list of IP to ban
 # Requires crowdsec_lapi_enabled to be true too
 crowdsec_capi_enabled: False
+# You can either register manuelly and the the user/pass with those variable
+# Else, ansible will register and configure the credentials
+# crowdsec_capi_user: 123456789
+# crowdsec_capi_pass: azertyuiop
 # Port on which the prometheus metric endpoint will bind to
 crowdsec_prometheus_port: 6060
diff --git a/roles/crowdsec/tasks/conf.yml b/roles/crowdsec/tasks/conf.yml
index 47dd98d..2214c89 100644
--- a/roles/crowdsec/tasks/conf.yml
+++ b/roles/crowdsec/tasks/conf.yml
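Review bot: The commented example `# crowdsec_capi_user: 123456789` shows an unquoted all-digit value, so anyone who uncomments it gets a YAML integer rather than the string a login is; the examples should read `# crowdsec_capi_user: "123456789"` and `# crowdsec_capi_pass: "azertyuiop"`. The first explanatory line also has typos (`manuelly`, `the the`) and reads better as `# You can either register manually and set the user/pass with these variables`. Real values for these two variables belong in an encrypted source (Ansible Vault or an external secret store) rather than in a defaults file that is committed to the repository.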
@@ -42,3 +42,37 @@
 when: crowdsec_lapi_registration.rc == 0
 tags: crowdsec
+
+- when:
+ - crowdsec_capi_enabled
+ - crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined
+ - not crowdsec_capi_user_file.stat.exists or not crowdsec_capi_pass_file.stat.exists
+ block:
+ - name: Register on the central API
+ command: cscli capi register -o raw -f /dev/stdout
+ register: crowdsec_capi_credentials
+ - set_fact: crowdsec_capi_credentials_yaml={{ crowdsec_capi_credentials.stdout | from_yaml }}
+ - copy: content={{ crowdsec_capi_credentials_yaml.login }} dest=/etc/crowdsec/meta/capi_user mode=600
+ - copy: content={{ crowdsec_capi_credentials_yaml.password }} dest=/etc/crowdsec/meta/capi_pass mode=600
+ - set_fact: crowdsec_capi_user={{ crowdsec_capi_credentials_yaml.login }}
+ - set_fact: crowdsec_capi_pass={{ crowdsec_capi_credentials_yaml.password }}
+ tags: crowdsec
+
+- when:
+ - crowdsec_capi_enabled
+ - crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined
+ - crowdsec_capi_user_file.stat.exists
+ - crowdsec_capi_pass_file.stat.exists
+ block:
+ - slurp: src=/etc/crowdsec/meta/capi_user
+ register: crowdsec_capi_user_meta
+ - set_fact: crowdsec_capi_user={{ crowdsec_capi_user_meta.content | b64decode | trim }}
+ - slurp: src=/etc/crowdsec/meta/capi_pass
+ register: crowdsec_capi_pass_meta
+ - set_fact: crowdsec_capi_pass={{ crowdsec_capi_pass_meta.content | b64decode | trim }}
+ tags: crowdsec
+
+- name: Deploy online credentials config
+ template: src=online_api_credentials.yaml.j2 dest=/etc/crowdsec/online_api_credentials.yaml mode=600
+ notify: reload crowdsec
+ tags: crowdsec
diff --git a/roles/crowdsec/tasks/facts.yml b/roles/crowdsec/tasks/facts.yml
index bafe3ff..5fb9a3e 100644
--- a/roles/crowdsec/tasks/facts.yml
+++ b/roles/crowdsec/tasks/facts.yml
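Review bot: None of the tasks that handle the central-API credentials carry `no_log: true`, so the password obtained from `cscli capi register` ends up in the controller's output and logs: the task with `register: crowdsec_capi_credentials` prints its stdout in verbose mode, the two `copy: content=...` tasks show it under `--diff`, and the `set_fact` tasks expose `crowdsec_capi_pass` the same way. Add `no_log: true` at block level on both `block:` entries and on the `Deploy online credentials config` task, whose `--diff` output would otherwise contain the rendered password as well. The `key=value` shorthand is also fragile with templated secrets: `copy: content={{ crowdsec_capi_credentials_yaml.password }} dest=/etc/crowdsec/meta/capi_pass mode=600` mis-parses if the generated password contains a space or `=`, so these tasks should be written in native block YAML (`copy:` with `content:`, `dest:` and `mode: "0600"` keys), which is also the cleaner place to attach `no_log`. The same applies to the slurp block and to the template task, which I am not repeating separately.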
@@ -43,3 +43,11 @@
 - crowdsec_lapi_enabled
 tags: crowdsec
+# Check if central API credentials are available in the meta dir
+- name: Check central API credential files
+ block:
+ - stat: path=/etc/crowdsec/meta/capi_user
+ register: crowdsec_capi_user_file
+ - stat: path=/etc/crowdsec/meta/capi_pass
+ register: crowdsec_capi_pass_file
+ tags: crowdsec
diff --git a/roles/crowdsec/templates/online_api_credentials.yaml.j2 b/roles/crowdsec/templates/online_api_credentials.yaml.j2
new file mode 100644
index 0000000..99e08e1
--- /dev/null
+++ b/roles/crowdsec/templates/online_api_credentials.yaml.j2
@@ -0,0 +1,7 @@
+url: https://api.crowdsec.net/
+{% if crowdsec_capi_user is defined %}
+login: {{ crowdsec_capi_user }}
+{% endif %}
+{% if crowdsec_capi_pass is defined %}
+password: {{ crowdsec_capi_pass }}
+{% endif %}
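Review bot: `login: {{ crowdsec_capi_user }}` and `password: {{ crowdsec_capi_pass }}` render the values unquoted into a YAML file that crowdsec then parses, so a numeric login (the defaults file's own example is `123456789`) becomes an integer, and a password that starts with a YAML indicator or contains `: ` or ` #` yields a wrong or unparsable credentials file. Render both as escaped, quoted scalars, e.g. `login: {{ crowdsec_capi_user | string | to_json }}` and `password: {{ crowdsec_capi_pass | string | to_json }}`, which is correct for any value the API may return. The `url:` line is fine as a plain scalar.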