diff --git a/defaults/main.yml b/defaults/main.yml index 0148641b1..5abdbbc7c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -62,3 +62,5 @@ jenkins_init_folder: "/etc/systemd/system/jenkins.service.d" jenkins_init_file: "{{ jenkins_init_folder }}/override.conf" jenkins_restart_behavior: "service" + +jenkins_use_api_token: false \ No newline at end of file diff --git a/handlers/main.yml b/handlers/main.yml index 19bac1759..2aeb4329e 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,12 +1,3 @@ --- - name: restart jenkins - include_tasks: tasks/restart.yml - -- name: configure default users - template: - src: basic-security.groovy.j2 - dest: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy" - owner: "{{ jenkins_process_user }}" - group: "{{ jenkins_process_group }}" - mode: 0775 - register: jenkins_users_config + include_tasks: tasks/restart.yml \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 26b920eb6..2f25e60bd 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -58,10 +58,5 @@ delay: 10 check_mode: false -- name: Remove Jenkins security init scripts after first startup. - file: - path: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy" - state: absent - # Update Jenkins and install configured plugins. - include_tasks: plugins.yml diff --git a/tasks/plugins.yml b/tasks/plugins.yml index dbc2a2dac..53119df2b 100644 --- a/tasks/plugins.yml +++ b/tasks/plugins.yml 
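Review bot: `jenkins_use_api_token` in defaults/main.yml is added without a comment, and its companion `jenkins_api_token` is neither declared nor described in this hunk. I would put two comment lines above it: `# Set to true to register jenkins_api_token for the admin user and authenticate plugin installs with it.` and `# jenkins_api_token is a secret: supply it from Ansible Vault, never from this file.` The hunk also leaves the file without a trailing newline.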
@@ -40,13 +40,14 @@ path: "{{ jenkins_home }}/updates/default.json" regexp: "1d;$d" -- name: Install Jenkins plugins using password. +- name: Install Jenkins plugins using password or API token. jenkins_plugin: name: "{{ item.name | default(item) }}" version: "{{ item.version | default(omit) }}" jenkins_home: "{{ jenkins_home }}" url_username: "{{ jenkins_admin_username }}" - url_password: "{{ jenkins_admin_password }}" + force_basic_auth: "{{ jenkins_use_api_token }}" + url_password: "{{ jenkins_api_token | default(jenkins_admin_password) }}" state: "{{ 'present' if item.version is defined else jenkins_plugins_state }}" timeout: "{{ jenkins_plugin_timeout }}" updates_expiration: "{{ jenkins_plugin_updates_expiration }}" diff --git a/tasks/settings.yml b/tasks/settings.yml index 2e80a2fea..1cfb86a37 100644 --- a/tasks/settings.yml +++ b/tasks/settings.yml @@ -65,6 +65,27 @@ group: "{{ jenkins_process_group }}" mode: 0775 +- name: Configure default users + template: + src: basic-security.groovy.j2 + dest: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy" + owner: "{{ jenkins_process_user }}" + group: "{{ jenkins_process_group }}" + mode: 0775 + register: jenkins_users_config + notify: restart jenkins + when: jenkins_admin_password is defined and jenkins_admin_username is defined + +- name: Generate API token for admin user + template: + src: api-token-setup.groovy.j2 + dest: "{{ jenkins_home }}/init.groovy.d/api-token-setup.groovy" + owner: "{{ jenkins_process_user }}" + group: "{{ jenkins_process_group }}" + mode: 0775 + when: jenkins_use_api_token | bool and jenkins_admin_username is defined and jenkins_api_token is defined + notify: restart jenkins + - name: Configure proxy config for Jenkins template: src: proxy.xml diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 07552ab9e..3f3c97276 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
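Review bot: In tasks/plugins.yml the new `url_password` line selects the API token whenever `jenkins_api_token` is defined, independent of `jenkins_use_api_token`, while tasks/settings.yml only provisions the token when that flag is true. With the flag off and the variable set, the module would present a token Jenkins was never given and plugin installs would fail authentication. Tie both lines to the flag: `force_basic_auth: "{{ jenkins_use_api_token | bool }}"` and `url_password: "{{ jenkins_api_token if (jenkins_use_api_token | bool) else jenkins_admin_password }}"`. The task body continues past the end of the hunk.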
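Review bot: Both tasks added in tasks/settings.yml render credentials into `init.groovy.d` with `mode: 0775`, so the API token (and presumably the admin password in `basic-security.groovy`, whose template is not shown) lands in files every local user can read. Use `mode: "0600"` on both, quoted so the value is not parsed as an integer, and add `no_log: true` so a `--diff` run does not print the rendered secrets. This commit also removes the "Remove Jenkins security init scripts after first startup" task from tasks/main.yml, so nothing deletes `basic-security.groovy` or `api-token-setup.groovy` any more. They stay on disk and run again on every Jenkins start, so a cleanup step after the startup wait is still needed for both files.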
@@ -39,10 +39,8 @@ deb: "/tmp/jenkins_{{ jenkins_version }}_all.deb" state: present when: jenkins_version is defined and specific_version.stat.exists - notify: configure default users - name: Ensure Jenkins is installed. apt: name: jenkins state: "{{ jenkins_package_state }}" - notify: configure default users diff --git a/templates/api-token-setup.groovy.j2 b/templates/api-token-setup.groovy.j2 new file mode 100644 index 000000000..6a50809a5 --- /dev/null +++ b/templates/api-token-setup.groovy.j2 @@ -0,0 +1,22 @@ +#!groovy +import hudson.model.User +import jenkins.security.* + +// Configuration - these variables will be replaced by Ansible templating +def adminUsername = "{{ jenkins_admin_username }}" +def apiTokenName = "{{ jenkins_admin_username }}-token" +def apiTokenValue = "{{ jenkins_api_token }}" + +def user = User.get(adminUsername) +def apiTokenProperty = user.getProperty(ApiTokenProperty.class) + +// Check if token property exists +if (!apiTokenProperty) { + user.addProperty(new ApiTokenProperty()) + apiTokenProperty = user.getProperty(ApiTokenProperty.class) +} + +// Generate a new token with a pre-defined value +def newToken = apiTokenProperty.tokenStore.addFixedNewToken(apiTokenName, apiTokenValue) + +user.save()
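Review bot: templates/api-token-setup.groovy.j2 calls `addFixedNewToken` unconditionally, and because the script sits in `init.groovy.d` it runs on every Jenkins start; as far as I can tell each run would add another token entry under the same name. Guard the call by checking whether the token is already registered, as in the fence below. The three `def` lines also paste inventory values straight into double-quoted Groovy strings, where a `"`, `\` or `$` in a value changes the script that Jenkins executes; single-quoted literals with escaping would be safer. `newToken` is assigned but never used.

```groovy
// … unchanged: imports, variables, user and ApiTokenProperty lookup …

// Register the token only when it is not already present, so restarts do not add duplicates.
def tokenStore = apiTokenProperty.tokenStore
if (tokenStore.findMatchingToken(apiTokenValue) == null) {
    tokenStore.addFixedNewToken(apiTokenName, apiTokenValue)
    user.save()
}
```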