diff --git a/files/zfs-load-key.service b/files/zfs-load-key.service
new file mode 100644
index 0000000000000000000000000000000000000000..28e48636ac9ed4e76c5c8f036fe471cbd1e9a0e7
--- /dev/null
+++ b/files/zfs-load-key.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Load encryption keys
+DefaultDependencies=no
+After=zfs-import.target
+Before=zfs-mount.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/sbin/zfs load-key -a
+
+[Install]
+WantedBy=zfs-mount.service
diff --git a/tasks/main.yml b/tasks/main.yml
index 273d18e981d4b64a3b3806994db946abdf3ba7a7..69c57cab0823e14bdf13bb070fca0dbf8fcf6582 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,6 +6,20 @@
       - zfs-dkms
       - zfsutils-linux
 
+- name: copy zfs unlock systemd service
+  copy:
+    src: zfs-load-key.service
+    dest: /etc/systemd/system/zfs-load-key.service
+    owner: root
+    group: root
+    mode: 0644
+
+- name: enable systemd unlock service
+  ansible.builtin.systemd:
+    name: zfs-load-key.service
+    enabled: True
+    daemon_reload: True
+
 - name: create volumes
   loop: "{{ zfs.volumes|dict2items }}"
   include_tasks: volume.yml