diff --git a/defaults/main.yml b/defaults/main.yml
index 021d092557c2e4208670b762332dc4aa1adbeedc..68d1052b9a33e663830a5d65e445925845b21dd0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,6 +4,11 @@ zabbix_agent_logfile_size: 0
 zabbix_agent_server: '127.0.0.1'
 zabbix_agent_server_active: '127.0.0.1'
 zabbix_agent_hostname: 'Zabbix server'
+zabbix_tls_connect: 'unencrypted'
+zabbix_tls_accept: 'unencrypted'
+zabbix_tls_psk_identity: ''
+zabbix_tls_psk_file: ''
+
 zabbix_agent_userparameter:
   mysql:
     - mysql.status[*],echo "show global status where Variable_name='$1';" | HOME=/var/lib/zabbix mysql -N | awk '{print $$2}'
diff --git a/tasks/config.yml b/tasks/config.yml
index 353b454344f8e3a09d28f34f77ffa7d599c6ead6..e680025f3ece2ba17af4982836e4ae97ddc39676 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -7,6 +7,16 @@
     dest: '/etc/zabbix/zabbix_agentd.conf'
   notify: "Restart Zabbix Agent"
 
+- name: "Copy TLS PSK File"
+  copy:
+    src: '{{ inventory_dir }}/files/zabbix/{{ zabbix_tls_psk_file }}'
+    dest: '/etc/zabbix/{{ zabbix_tls_psk_file }}'
+    owner: 'zabbix'
+    group: 'root'
+    mode: '0600'
+  when: zabbix_tls_psk_file != ''
+  notify: "Restart Zabbix Agent"
+
 - name: "Agent User Config"
   template:
     src: 'userparameter.conf'
diff --git a/templates/zabbix_agentd.conf b/templates/zabbix_agentd.conf
index 1ee2a6208cede1bf7e5ef708216ed194757d7c42..03f2a8ee360b9f95beee5537e189766bcdd9d4f2 100644
--- a/templates/zabbix_agentd.conf
+++ b/templates/zabbix_agentd.conf
@@ -327,7 +327,7 @@ Include=/etc/zabbix/zabbix_agentd.d/
 #
 # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
 # Default:
-# TLSConnect=unencrypted
+TLSConnect={{ zabbix_tls_connect }}
 
 ### Option: TLSAccept
 #	What incoming connections to accept.
@@ -338,7 +338,7 @@ Include=/etc/zabbix/zabbix_agentd.d/
 #
 # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
 # Default:
-# TLSAccept=unencrypted
+TLSAccept={{ zabbix_tls_accept }}
 
 ### Option: TLSCAFile
 #	Full pathname of a file containing the top-level CA(s) certificates for
@@ -388,11 +388,19 @@ Include=/etc/zabbix/zabbix_agentd.d/
 #
 # Mandatory: no
 # Default:
-# TLSPSKIdentity=
+{% if zabbix_tls_psk_identity == '' %}
+#TLSPSKIdentity=
+{% else %}
+TLSPSKIdentity={{ zabbix_tls_psk_identity }}
+{% endif %}
 
 ### Option: TLSPSKFile
 #	Full pathname of a file containing the pre-shared key.
 #
 # Mandatory: no
 # Default:
-# TLSPSKFile=
+{% if zabbix_tls_psk_file == '' %}
+#TLSPSKFile=
+{% else %}
+TLSPSKFile=/etc/zabbix/{{ zabbix_tls_psk_file }}
+{% endif %}