diff --git a/README.md b/README.md index bb34e43..e315e44 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,8 @@ This is a shell for a user, the shell only reads the input from the user and ret The server logs can be found at `/home/request/request_server.log` +A playbook example can be found in `ansible.yaml` + #### ca-shell This is a shell for a user, the shell limits the commands to the one we are interested, like generating a SSH/SSL CA, signing keys. diff --git a/ansible.yaml b/ansible.yaml new file mode 100644 index 0000000..424739c --- /dev/null +++ b/ansible.yaml 
@@ -0,0 +1,67 @@
+---
+# This is an example of how to use Ansible with the ca-server shell.
+# In this playbook we assume that you are requesting a ssh-host certificate
+# to be used by the host `machine.example.com` and that the server hosting
+# the ca-server shell is in your inventory under the name `ca_server`.
+#
+# We are using ed25519 as our preferred algorithm but any other one may be
+# just right, be sure to change both the key and certificate destination.
+#
+- name: Read host public key
+ slurp:
+ src: "/etc/ssh/ssh_host_ed25519_key.pub"
+ register: vm_public_key
+
+- debug:
+ var: vm_public_key['content']
+ verbosity: 2
+
+- name: generate host request
+ set_fact:
+ ca_request:
+ type: 'sign_request'
+ request:
+ keyType: 'ssh_host'
+ hostName: 'machine.example.com'
+ keyData: "{{ vm_public_key['content'] | b64decode | replace('\n', '')}}"
+
+- debug:
+ var: ca_request | to_json
+ verbosity: 2
+
+- raw: "{{ ca_request | to_json }}"
+ delegate_to: ca_server
+ delegate_facts: True
+ register: request_result
+ failed_when: "( request_result.stdout | string | from_json ).failed"
+
+- set_fact:
+ request_output: "{{ request_result.stdout | string | from_json }}"
+
+- debug:
+ var: request_output
+ verbosity: 2
+
+- debug:
+ msg: "Please manualy confirm sign request with id {{ request_output.requestID }}"
+
+- name: generate get request
+ set_fact:
+ ca_request:
+ type: 'get_certificate'
+ requestID: '{{ request_output.requestID }}'
+
+- raw: "{{ ca_request | to_json }}"
+ delegate_to: ca_server
+ delegate_facts: True
+ register: request_result
+ failed_when: "( request_result.stdout | string | from_json ).failed"
+
+- set_fact:
+ cert_key: "{{ request_result.stdout | string | from_json }}"
+
+- name: write certificate to host
+ copy:
+ content: "{{ cert_key.result }}"
+ dest: "/etc/ssh/ssh_host_ed25519_key-cert.pub"
+ register: set_pub_key
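Review bot: The `get_certificate` request is sent to `ca_server` immediately after the `debug` task that asks the operator to "manualy confirm" the sign request, so nothing in this task list actually waits for that confirmation; unless the ca-server blocks `get_certificate` until the request is approved (not visible here), the second `raw` runs against an unconfirmed request and whatever it returns is then installed. That return value goes straight into `/etc/ssh/ssh_host_ed25519_key-cert.pub` with only the server's `failed` flag checked and no `mode`/`owner` on the `copy`, so a malformed or unexpected `result` lands in sshd's key directory. I would add a `pause` before the fetch, an `assert` that `cert_key.result` starts with the ed25519 certificate key type before writing, and an explicit mode on the copy, as below. Two smaller points: `delegate_facts: True` has no effect on a `raw` task and can be dropped, and since the file has no `hosts:`/`tasks:` header it is a task file rather than a playbook, which the header comment could say, e.g. `# Task file: include it with import_tasks/include_tasks from a play targeting the host.`
```yaml
- name: Wait for the sign request to be confirmed on the CA
  pause:
    prompt: "Confirm sign request {{ request_output.requestID }} on ca_server, then press Enter"

# … unchanged: generate get request, second raw call, cert_key set_fact …

- name: Refuse to install anything that is not an ed25519 OpenSSH certificate
  assert:
    that:
      - cert_key.result is match('^ssh-ed25519-cert-v01@openssh.com ')
    fail_msg: "ca_server did not return an ed25519 host certificate"

- name: write certificate to host
  copy:
    content: "{{ cert_key.result }}"
    dest: "/etc/ssh/ssh_host_ed25519_key-cert.pub"
    owner: root
    group: root
    mode: '0644'
  register: set_pub_key
```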