diff --git a/roles/robosignatory/files/sigul.production.conf b/roles/robosignatory/files/sigul.production.conf
new file mode 100644
index 0000000000..6524668d2b
--- /dev/null
+++ b/roles/robosignatory/files/sigul.production.conf
@@ -0,0 +1,20 @@
+[client]
+bridge-hostname: sign-bridge1
+server-hostname: sign-vault1
+client-cert-nickname: sigul-client-cert
+user-name: autopen
+
+[koji]
+koji-config: /etc/sigul/koji.conf
+koji-instances: primary
+koji-config-primary: /etc/sigul/koji.conf
+
+[nss]
+nss-dir: /etc/sigul
+nss-password:
+nss-min-tls: tls1.2
+nss-max-tls: tls1.2
+
+[binding]
+enabled: tpm
+tpm_nosrk: true
diff --git a/roles/robosignatory/tasks/main.yml b/roles/robosignatory/tasks/main.yml
index 851d3ef229..486e2a4839 100644
--- a/roles/robosignatory/tasks/main.yml
+++ b/roles/robosignatory/tasks/main.yml
@@ -20,6 +20,12 @@
 - config
 - robosignatory
+- name: Install sigul configuration
+ copy: src=sigul.{{env}}.conf dest=/etc/sigul/client.conf owner=fedmsg group=fedmsg mode=0640
+ tags:
+ - config
+ - robosignatory
+
 - name: Install koji certificate and key
 copy: src="{{ private }}/files/koji/autopen.pem" dest=/etc/robosignatory/koji.cert owner=fedmsg group=fedmsg mode=0640
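Review bot: In the new `sigul.production.conf`, `nss-password:` is committed with an empty value and the file has no comment explaining it. If sigul reads that as an empty NSS database password rather than as "prompt at startup" (worth confirming against the sigul client documentation), the private key behind `sigul-client-cert` in `/etc/sigul` is protected only by ownership and mode on that directory, which is then the whole control for a signing client. I would add a comment above it stating the intent, for example `# NSS db password intentionally empty; key access is limited by permissions on /etc/sigul`. One-line comments on `tpm_nosrk: true` and on pinning both `nss-min-tls` and `nss-max-tls` to `tls1.2` would also keep a later editor from relaxing them by accident. Separately, the task in `tasks/main.yml` copies `sigul.{{env}}.conf` while only the production file is added here, so unless a staging file exists elsewhere in the role the copy would fail on non-production hosts.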