diff --git a/defaults/main.yml b/defaults/main.yml
index 396bfab..6ca6be5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -45,3 +45,5 @@ borgmatic_store_atime: true
 borgmatic_store_ctime: true
 borgmatic_relocated_repo_access_is_ok: false
 borgmatic_version: false
+
+ssh_config_path: /root/.ssh/config
diff --git a/tasks/main.yml b/tasks/main.yml
index efe6bd6..a0c8e6c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,10 +3,9 @@
 ansible.builtin.import_tasks: packages.yml
 tags: packages

-- name: Generate an OpenSSH keypair
- community.crypto.openssh_keypair:
- path: "{{ borg_ssh_key_file_path }}"
- type: "{{ borg_ssh_key_type }}"
+- name: Create SSH key
+ ansible.builtin.import_tasks: ssh.yml
+ tags: ssh

 - name: Setup borgbase backup
 ansible.builtin.import_tasks: borgbase.yml
@@ -33,3 +32,4 @@
 command: "borgmatic init -e {{ borg_repo_key }}"
 responses:
 ^.*want to continue connecting.*$: "yes"
+
diff --git a/tasks/ssh.yml b/tasks/ssh.yml
new file mode 100644
index 0000000..c9072ef
--- /dev/null
+++ b/tasks/ssh.yml
@@ -0,0 +1,19 @@
+---
+- name: "SSH | Generate an OpenSSH keypair"
+ community.crypto.openssh_keypair:
+ path: "{{ borg_ssh_key_file_path }}"
+ type: "{{ borg_ssh_key_type }}"
+
+- name: "SSH | Ensure configuration file is present"
+ ansible.builtin.file:
+ path: "{{ ssh_config_name }}"
+ state: touch
+ mode: "644"
+
+- name: "SSH | Insert borgbase configuration"
+ ansible.builtin.blockinfile:
+ path: "{{ ssh_config_name }}"
+ marker: "### {mark} ANSIBLE MANAGED BLOCK"
+ block: |
+ Host *.repo.borgbase.com
+ IdentityFile {{ borg_ssh_key_file_path }}
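Review bot: The default added in defaults/main.yml is named `ssh_config_path`, but both new tasks in tasks/ssh.yml read `{{ ssh_config_name }}`, so unless that variable is defined somewhere outside this diff the role stops with an undefined-variable error at the first SSH config task. Use one name on both sides. The other defaults visible here carry a `borgmatic_` prefix, so a prefixed name such as `borg_ssh_config_path: /root/.ssh/config` would also keep this setting from colliding with another role's variable and silently pointing the tasks at a different file.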
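Review bot: In tasks/ssh.yml the `Ensure configuration file is present` task applies `mode: "644"` with `state: touch`, so every run makes the SSH client config world-readable, loosens any stricter mode an administrator had set, and reports changed because touch rewrites the timestamps. Prefer `mode: "0600"` and either add `access_time: preserve` and `modification_time: preserve`, or drop the task and let the blockinfile task create the file with `create: true` and `mode: "0600"`. Adding `IdentitiesOnly yes` to the `Host *.repo.borgbase.com` block would also keep ssh from offering unrelated keys to those hosts.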