diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml
index 3944fce08476366201082991ad14a55696781740..7d99d600897377ee5644e82693f1815b8a559310 100644
--- a/inventory/sample/group_vars/all.yml
+++ b/inventory/sample/group_vars/all.yml
@@ -7,9 +7,10 @@ systemd_dir: /etc/systemd/system
 # apiserver endpoint to all masters here. This default value is only suitable
 # for a non-HA setup, if used in a HA setup, it will not protect you if the
 # first node fails.
+# Also you should define k3s_token so that masters can talk together securely
 
 apiserver_endpoint: "{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}"
+# k3s_token: "mysupersecuretoken"
 
 extra_server_args: ""
 extra_agent_args: ""
-k3s_token: ""
diff --git a/roles/k3s/master/defaults/main.yml b/roles/k3s/master/defaults/main.yml
index 84472377e24f15487fd10da9cc9d8a0f7339bfd0..596c9cb58acddfc8e85400119e6c25ae96aea93c 100644
--- a/roles/k3s/master/defaults/main.yml
+++ b/roles/k3s/master/defaults/main.yml
@@ -7,5 +7,6 @@ server_init_args: >-
     {% else %}
       --server https://{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}:6443
     {% endif %}
+    --token {{ k3s_token }}
   {% endif %}
   {{ extra_server_args | default('') }}
diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml
index 45e6d1dd4cd0e0db3c774821632042e43b1bf32b..704c62baeb915e8010f173e9477296435867a8d8 100644
--- a/roles/k3s/master/tasks/main.yml
+++ b/roles/k3s/master/tasks/main.yml
@@ -16,7 +16,6 @@
   command:
     cmd: "systemd-run -p RestartSec=2 \
                       -p Restart=on-failure \
-                      -E K3S_TOKEN={{ k3s_token }} \
                       --unit=k3s-init \
                       k3s server {{ server_init_args }}"
     creates: "{{ systemd_dir }}/k3s.service"
diff --git a/roles/k3s/node/templates/k3s.service.j2 b/roles/k3s/node/templates/k3s.service.j2
index f3854676fbe7863272709ac563eac4aff5bfe6bc..01baa64edaaea12e2cb07fb5857a25cc80ea7c0e 100644
--- a/roles/k3s/node/templates/k3s.service.j2
+++ b/roles/k3s/node/templates/k3s.service.j2
@@ -7,7 +7,7 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s agent --server https://{{ apiserver_endpoint }}:6443 --token {{ k3s_token }} {{ extra_agent_args | default("") }}
+ExecStart=/usr/local/bin/k3s agent --server https://{{ apiserver_endpoint }}:6443 --token {{ hostvars[groups['master'][0]]['token'] | default(k3s_token) }} {{ extra_agent_args | default("") }}
 KillMode=process
 Delegate=yes
 # Having non-zero Limit*s causes performance problems due to accounting overhead