diff --git a/_machines/ares.yml b/_machines/ares.yml
index 56898e6..39d09f5 100644
--- a/_machines/ares.yml
+++ b/_machines/ares.yml
@@ -18,6 +18,7 @@ users:
     email: hannes@hkoerber.de
     id: "0xB5C002530C6A2053"
     fingerprint: "973AE48D71B76735C4712B5BB5C002530C6A2053"
+  enable_passwordstore: true
   environment:
     MACHINE_HAS_NEXTCLOUD: "true"
   has_yubikey: true
diff --git a/_machines/neptune.yml b/_machines/neptune.yml
index a16b6d0..3cacdc1 100644
--- a/_machines/neptune.yml
+++ b/_machines/neptune.yml
@@ -35,6 +35,7 @@ users:
     email: hannes@hkoerber.de
     id: "0xB5C002530C6A2053"
     fingerprint: "973AE48D71B76735C4712B5BB5C002530C6A2053"
+  enable_passwordstore: true
   environment:
     MACHINE_HAS_NEXTCLOUD: "true"
     MACHINE_HAS_RESTIC_BACKUP: "false"
diff --git a/_machines/tb-hak.yml b/_machines/tb-hak.yml
index 54ff4fe..7458571 100644
--- a/_machines/tb-hak.yml
+++ b/_machines/tb-hak.yml
@@ -29,6 +29,7 @@ users:
     email: hannes@hkoerber.de
     id: "0xB5C002530C6A2053"
     fingerprint: "973AE48D71B76735C4712B5BB5C002530C6A2053"
+  enable_passwordstore: true
   environment:
     MACHINE_HAS_NEXTCLOUD: "true"
     MACHINE_HAS_RESTIC_BACKUP: "false"
diff --git a/user.yml b/user.yml
index c0d7a8e..dc955e7 100644
--- a/user.yml
+++ b/user.yml
@@ -584,3 +584,17 @@
 
   when: user.gpg_key is defined
   tags: [gpg]
+
+- block:
+  - name: stat passwordstore checkout
+    stat:
+      path: /home/{{ user.name }}/.password-store
+    register: passwordstore_checkout
+  - name: check out passwordstore repository
+    git:
+      dest: /home/{{ user.name }}/.password-store
+      repo: ssh://git@code.hkoerber.de:2222/hannes/passwordstore.git
+      accept_hostkey: true
+    when: not passwordstore_checkout.stat.exists
+  when: user.enable_passwordstore|default(false) is sameas true
+  tags: [passwordstore]