diff --git a/tasks/drbackupkey.yml b/tasks/drbackupkey.yml
new file mode 100644
index 0000000000..166230c580
--- /dev/null
+++ b/tasks/drbackupkey.yml
@@ -0,0 +1,13 @@
+---
+- name: ensure the user exists
+  group: name=drbackup state=present
+  user: name=drbackup comment="DR Backup User" group=drbackup shell=/bin/bash home=/var/lib/drbackup
+  file: dest=/var/lib/drbackup/ state=directory owner=drbackup group=drbackup mode=0700
+
+- name: install the authorized SSH key
+  file: dest=/var/lib/drbackup/.ssh/ state=directory owner=drbackup group=drbackup mode=0700
+  copy: src={{private}}/backup.pub dest=/var/lib/drbackup/.ssh/authorized_keys owner=drbackup group=drbackup mode=0600
+
+- name: deploy the confine-ssh script
+  tasks:
+  - include: "{{tasks}}/confine-ssh.yml"