diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 89446ec..5df1ad1 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -21,3 +21,12 @@
   tags:
   - root-user
   - user
+- name: ensure ssh keys are authorized for root login
+  ansible.posix.authorized_key:
+    user: root
+    exclusive: true
+    key: '{{ root_authorized_keys }}'
+  when: root_authorized_keys is defined
+  tags:
+  - root-user
+  - ssh-key