diff --git a/defaults/main.yml b/defaults/main.yml
index 376fddc..02f88ea 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,5 +4,6 @@ ingress_domain: "local.dataminem.net"
 # - 10.96.0.0/12
 # - 10.244.0.0/16
 # - 192.168.140.0/24
+basi_auth: false
 scope_version: 1.9.1
diff --git a/tasks/main.yml b/tasks/main.yml
index 982011d..3dbe938 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -11,6 +11,22 @@
 api_version: v1
 kind: Namespace
+ - name: Create a Secret object for basic authentification
+ k8s:
+ state: present
+ context: "{{ my_context }}"
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: basic-auth
+ namespace: weave
+ type: Opaque
+ data:
+ basic_auth: "{{ basic_auth_data | b64encode }}"
+ when:
+ - basic_auth == true
+ tags: weave
 - name: Weave Scope files
 k8s:
diff --git a/templates/weave_ingress.yaml.j2 b/templates/weave_ingress.yaml.j2
index e8bb277..5bf17d8 100644
--- a/templates/weave_ingress.yaml.j2
+++ b/templates/weave_ingress.yaml.j2
@@ -10,6 +10,10 @@ metadata:
 ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}"
 {% endif %}
 traefik.frontend.priority: "10"
+{% if basic_auth is defined %}
+ traefik.ingress.kubernetes.io/auth-type: basic
+ traefik.ingress.kubernetes.io/auth-secret: traefik-auth
+{% endif %}
 spec:
 rules:
 - host: weave.{{ ingress_domain }}
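Review bot: The default added in defaults/main.yml is spelled `basi_auth`, while the task and the template in this commit both test `basic_auth`, so the default never applies. Unless a caller defines the variable, `when: basic_auth == true` in tasks/main.yml will presumably fail on an undefined variable. The line should read `basic_auth: false`. No default for `basic_auth_data` is visible in this diff either, so a comment above the line such as `# Enable HTTP basic auth on the Weave Scope ingress; requires basic_auth_data (keep it in a vault)` would tell users what they have to supply.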
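Review bot: The Secret created in tasks/main.yml is named `basic-auth`, but the annotation added in templates/weave_ingress.yaml.j2 points at `traefik-auth`, so with auth switched on the ingress references a secret this role does not create. How Traefik handles a missing auth secret is not visible here; confirm that it fails closed rather than serving the UI unauthenticated. Align the names, for example `name: traefik-auth` in the Secret metadata. The task also renders the credential material in `basic_auth_data` without `no_log: true`, so the value can surface in task output and logs; add that key, and prefer `when: basic_auth | bool` over the `== true` comparison. The task list continues outside the hunk.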
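Review bot: The guard `{% if basic_auth is defined %}` in templates/weave_ingress.yaml.j2 is true for any defined value, including `false`. Once the role default is actually in effect, the two auth annotations will therefore always be rendered, even when the Secret task is skipped by its `when`. Test the value rather than its existence: `{% if basic_auth | default(false) | bool %}`. The `metadata:` block this hunk extends starts outside the hunk.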