diff --git a/defaults/main.yml b/defaults/main.yml
index b4fe083644e09d5db62d6074b4dd6c39094f27db..a2b81f10307c1a14beb6f72eba13ccc04c588c78 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -23,3 +23,4 @@ mongodb:
     keep_days: 2
   replicaset: {}
   user: {}
+  keyfile_contents: ""
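Review bot: The new `keyfile_contents` default holds the replica set's shared secret but has no comment telling users how to supply it. A line above it such as `# secret: internal-auth keyfile contents; set from a vault-encrypted variable, leave empty to skip writing the keyfile` would make clear that the real value should not be committed in plain text. The empty default itself is sensible, since the task's `when:` skips on it.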
diff --git a/tasks/main.yml b/tasks/main.yml
index 865ce3c078ddb12d113208982bba2da7a1b3e7ac..386ec70f8772c139abc30f1acb154c4df028dfe9 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,6 +3,15 @@
     executable: pip3
     name: pymongo
 
+- name: template keyfile if necessary
+  copy:
+    dest: "{{ mongodb.config.security.keyFile }}"
+    content: "{{ mongodb.keyfile_contents }}"
+    owner: mongodb
+    group: mongodb
+    mode: "0600"
+  when: mongodb.keyfile_contents and mongodb.config.security.keyFile
+
 - name: copy mongodb config
   notify:
   - restart mongodb
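Review bot: The added `copy` task writes key material from `mongodb.keyfile_contents` without `no_log: true`, so the key can appear in `--diff` output or verbose task results; add `no_log: true` to the task. The task also has no `notify`, unlike the `copy mongodb config` task right below it, so a changed keyfile presumably does not take effect until something else restarts the service; consider `notify: restart mongodb`. In the `when:` expression, `mongodb.config.security.keyFile` is dereferenced whenever contents are set, which likely fails with an undefined-variable error if `security` is missing from the config. Writing the second operand as `mongodb.config.security.keyFile is defined` would let that case skip cleanly. The `0600` mode and `mongodb` ownership are appropriate for this file.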