diff --git a/pedasi/settings.py b/pedasi/settings.py
index 755ab2659e8e2cfa79d680eb50b68f95cfa37d81..1786cc00ec1fa299bbe62696f55286badff1ba2e 100644
--- a/pedasi/settings.py
+++ b/pedasi/settings.py
@@ -139,6 +139,11 @@ DATABASES = {
     ),
 }
 
+DATABASES['default'].update({
+    'USER': config('DATABASE_USER'),
+    'PASSWORD': config('DATABASE_PASSWORD'),
+})
+
 mongoengine.register_connection(
     host=config(
         'PROV_DATABASE_URL',
diff --git a/playbook.yml b/playbook.yml
index dbb3e12befab80852f0d3720367b49e0f6e3a751..f65eead544d33d47ffd61d449befd20876294a56 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -140,13 +140,21 @@
         name: 'pedasi'
         state: present
 
-    - name: Create DB user
+    - name: Create DB user - dev settings
       mysql_user:
-        name: 'pedasi'
-        # TODO generate a real password
-        password: 'pedasi'
+        name: "{{ lookup('ini', 'DATABASE_USER type=properties file=deploy/.env.dev') }}"
+        password: "{{ lookup('ini', 'DATABASE_PASSWORD type=properties file=deploy/.env.dev') }}"
         state: present
         priv: 'pedasi.*:ALL'
+      when: production is not defined
+
+    - name: Create DB user - prod settings
+      mysql_user:
+        name: "{{ lookup('ini', 'DATABASE_USER type=properties file=deploy/.env.prod') }}"
+        password: "{{ lookup('ini', 'DATABASE_PASSWORD type=properties file=deploy/.env.prod') }}"
+        state: present
+        priv: 'pedasi.*:ALL'
+      when: production is defined
 
     - name: Set permissions on project directory
       file: