diff --git a/defaults/main.yml b/defaults/main.yml
index 085ef11..e83d42d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -78,6 +78,11 @@ mariadb_mysqldump_raw: |
   quote-names
   max_allowed_packet = 16M
 
+# Changes the root password the first time and uses this variable
+# to connect to mariadb for any other operations
+#mariadb_root_password: changeme
+#mariadb_create_root_my_cnf: false
+
 # Databases
 mariadb_databases: []
 #   - name: db1
diff --git a/tasks/configure.yml b/tasks/configure.yml
index aecdc11..13090a5 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -28,3 +28,7 @@
 
 - name: Immediately restart MariaDB (necessary for replication)
   ansible.builtin.meta: flush_handlers
+
+- name: Root password
+  ansible.builtin.include: root-password.yml
+  when: mariadb_root_password is defined and mariadb_root_password != ""
diff --git a/tasks/root-password.yml b/tasks/root-password.yml
new file mode 100644
index 0000000..f35552c
--- /dev/null
+++ b/tasks/root-password.yml
@@ -0,0 +1,39 @@
+---
+- name: Check if the specified root password is already set
+  ansible.builtin.shell: >
+    mysqladmin -u root status
+  changed_when: false
+  failed_when: false
+  no_log: true
+  become: true
+  ignore_errors: true
+  register: _mariadb_password_check
+  tags: mariadb
+
+- name: Change the root password
+  community.mysql.mysql_user:
+    name: "root"
+    host: "localhost"
+    password: "{{ mariadb_root_password }}"
+    login_unix_socket: "{{ mariadb_unix_socket }}"
+  no_log: true
+  run_once: true
+  when: _mariadb_password_check.rc == 0
+  tags: root_password
+
+- name: Create /root/.my.cnf
+  ansible.builtin.copy:
+    dest: "/root/.my.cnf"
+    mode: "0640"
+    owner: root
+    group: root
+    content: |
+      [client]
+      user=root
+      password={{ mariadb_root_password}}
+  become: true
+  when:
+    - mariadb_root_password is defined and mariadb_root_password != ""
+    - mariadb_create_root_my_cnf is defined and mariadb_create_root_my_cnf
+
+# code: language=ansible
diff --git a/tasks/users.yml b/tasks/users.yml
index 9611248..3d4b06e 100644
--- a/tasks/users.yml
+++ b/tasks/users.yml
@@ -9,5 +9,7 @@
     append_privs: "{{ item.append_privs | default('no') }}"
     encrypted: "{{ item.encrypted | default('no') }}"
     login_unix_socket: "{{ mariadb_unix_socket }}"
+    login_user: root
+    login_password: "{{ mariadb_root_password | default(omit) }}"
   loop: "{{ mariadb_users }}"
   no_log: true