diff --git a/README.md b/README.md
index 7acd2ab..1e4a3ae 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@ This is an [Ansible](http://www.ansibleworks.com/) playbook for [Elasticsearch](
 - Support for installing custom JARs in the Elasticsearch classpath (e.g. custom Lucene Similarity JAR)
 - Support for installing the [Sematext SPM](http://www.sematext.com/spm/) monitor
 - Support for installing the [Marvel](http://www.elasticsearch.org/guide/en/marvel/current/) plugin
+- Support for installing the [Shield](http://www.elasticsearch.org/guide/en/marvel/current/) plugin
 
 ## Installing
 
@@ -65,7 +66,7 @@ spm_client_token=<your SPM token here>
 ```
 
 ### Edit your vars/my-vars.yml
-See `vars/sample.yml` and `vars/vagrant.yml` for example variable files. These are the files where you specify Elasticsearch settings and apply certain features such as plugins, custom JARs or monitoring. The best way to enable configurations is to look at `templates/elasticsearch.yml.j2` and see which variables you want to defile in your `vars/my-vars.yml`. See below for configurations regarding EC2, plugins and custom JARs.
+See `vars/sample.yml` and `vars/vagrant.yml` for example variable files. These are the files where you specify Elasticsearch settings and apply certain features such as plugins, custom JARs or monitoring. The best way to enable configurations is to look at `templates/elasticsearch.yml.j2` and see which variables you want to define in your `vars/my-vars.yml`. See below for configurations regarding EC2, plugins and custom JARs.
 
 ### Edit your my-playbook-main.yml
 Example `my-playbook-main.yml`:
@@ -186,6 +187,37 @@ The following variables provide configuration for the plugin. More options may b
 - elasticsearch_plugin_marvel_agent_interval
 - elasticsearch_plugin_marvel_agent_exporter_es_index_timeformat
 
+
+### Configuring Shield
+The following variables need to be defined in your playbook or inventory:
+
+- elasticsearch_plugin_shield_enabled
+
+The following variables provide configuration for the plugin. More options may be available in the future (see [https://www.elastic.co/guide/en/shield/current/reference.html](https://www.elastic.co/guide/en/shield/current/reference.html)):
+- elasticsearch_plugin_shield_ssl_keystore_path
+- elasticsearch_plugin_shield_ssl_keystore_password
+- elasticsearch_plugin_shield_ssl_keystore_key_password
+- elasticsearch_plugin_shield_ssl_hostname_verification
+- elasticsearch_plugin_shield_transport_ssl
+- elasticsearch_plugin_shield_http_ssl
+- elasticsearch_plugin_shield_audit_enabled
+- elasticsearch_plugin_shield_realms
+- elasticsearch_plugin_shield_realms_esusers
+  + order: 0
+  + enabled: "false"
+
+- elasticsearch_plugin_shield_realms_active_directory
+  + order: 1
+  + domain_name: example.com
+  + unmapped_groups_as_roles: "true"
+  + url: ldap://ad.microsoft.com
+  + enabled: "true"
+
+- elasticsearch_esusers
+  + - {username:demouser, password: mypass, role: myrole}
+
+ - elasticsearch_shield_files: path to folder with Shield configuration files which will be copied into /etc/elasticsearch/shield
+
 ## Disable Java installation
 
 If you prefer to skip the built-in installation of the Oracle JRE, use the `elasticsearch_install_java` flag:
@@ -247,3 +279,5 @@ MIT
 # Author Information
 
 George Stathis - gstathis [at] traackr.com
+Mats Olsen molsen [at] comperiosearch.com
+Christoffer Vig cvig [at] comperiosearch.com
diff --git a/Vagrantfile b/Vagrantfile
index 5b42618..283e552 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,12 +1,16 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
-
+$script = <<SCRIPT
+cd /vagrant
+ansible-playbook -i vagrant-inventory.ini vagrant-main.yml -vv
+SCRIPT
 # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 VAGRANTFILE_API_VERSION = "2"
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   # Every Vagrant virtual environment requires a box to build off of.
   config.vm.box = "ubuntu/trusty64"
+  config.ssh.shell = "bash -c 'BASH_ENV=/etc/profile exec bash'"
   config.vm.provider "virtualbox" do |v|
     v.memory = 2048
     v.cpus = 2
@@ -22,13 +26,15 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   # the path on the guest to mount the folder. And the optional third
   # argument is a set of non-required options.
   # config.vm.synced_folder "../data", "/vagrant_data"
-  config.vm.synced_folder '.', '/vagrant'
+  config.vm.synced_folder '.', '/vagrant', mount_options: ["dmode=777,fmode=666"]
 
-  config.vm.provision :ansible do |ansible|
-    ansible.inventory_path = "vagrant-inventory.ini"
-    ansible.playbook = "vagrant-main.yml"
-    ansible.extra_vars = { user: "vagrant" }
-    ansible.limit = 'all'
-    # ansible.verbose = 'vvvv'
-  end
-end
+  config.vm.provision :shell,
+    :keep_color => true,
+    :path => "setup.sh"
+  
+
+  config.vm.provision :shell,
+   :keep_color => true,
+   :inline =>  $script
+  
+end
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
index 95762a5..8294c58 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,7 +7,7 @@ elasticsearch_download_url: https://download.elasticsearch.org/elasticsearch/ela
 elasticsearch_version: 1.7.3
 elasticsearch_apt_repos:
   - 'ppa:webupd8team/java'
-elasticsearch_apt_java_package: oracle-java7-installer
+elasticsearch_apt_java_package: oracle-java8-installer
 elasticsearch_apt_dependencies:
   - htop
   - ntp
@@ -29,3 +29,6 @@ elasticsearch_service_state: started
 # Non-Elasticsearch Defaults
 apt_cache_valid_time: 300 # seconds between "apt-get update" calls.
 elasticsearch_install_java: "true"
+#uncomment to enable shield
+#elasticsearch_plugin_shield_enabled: "true"
+
diff --git a/setup.sh b/setup.sh
new file mode 100644
index 0000000..4d94176
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+export PYTHONUNBUFFERED=1
+export ANSIBLE_FORCE_COLOR=1
+
+if [ $(dpkg-query -W -f='${Status}' ansible 2>/dev/null | grep -c "ok installed") -eq 0 ];
+then
+    echo "Add APT repositories"
+    export DEBIAN_FRONTEND=noninteractive
+    apt-get install -qq software-properties-common &> /dev/null || exit 1
+    apt-add-repository ppa:ansible/ansible &> /dev/null || exit 1
+
+    apt-get update -qq
+
+    echo "Installing Ansible"
+    apt-get install -qq ansible &> /dev/null || exit 1
+    echo "Ansible installed"
+fi
+
diff --git a/tasks/esusers.yml b/tasks/esusers.yml
new file mode 100644
index 0000000..074964e
--- /dev/null
+++ b/tasks/esusers.yml
@@ -0,0 +1,12 @@
+- name: Delete user from esuser realm if it exists
+  action: >
+    shell bin/shield/esusers userdel {{ item.username }}
+    chdir={{ elasticsearch_home_dir }}
+  ignore_errors: yes
+  with_items: elasticsearch_esusers
+- name: Add user to esuser realm
+  action: >
+    shell bin/shield/esusers useradd "{{ item.username }}" -p "{{ item.password }}" -r "{{ item.role }}"
+    chdir={{ elasticsearch_home_dir }}
+  ignore_errors: no
+  with_items: elasticsearch_esusers
diff --git a/tasks/main.yml b/tasks/main.yml
index f34a5b8..a347df7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -27,5 +27,9 @@
 - include: marvel.yml
   when: (elasticsearch_plugin_marvel_version is defined)
 
+# Setup Shield
+- include: shield.yml
+  when: (elasticsearch_shield_enabled is defined and elasticsearch_shield_enabled == "true")
+
 # Always run post-run tasks
 - include: post-run.yml
diff --git a/tasks/shield.yml b/tasks/shield.yml
new file mode 100644
index 0000000..3eed382
--- /dev/null
+++ b/tasks/shield.yml
@@ -0,0 +1,9 @@
+- name: shield | esusers
+  include: esusers.yml
+  when: (elasticsearch_esusers is defined)
+
+- name: shield | config files
+  copy: src={{elasticsearch_shield_files}} dest=/etc/elasticsearch/shield/
+  tags: shield_config_files
+  when: (elasticsearch_shield_files is defined)
+  notify: Restart Elasticsearch
diff --git a/templates/elasticsearch.yml.j2 b/templates/elasticsearch.yml.j2
index d308ed7..b603fea 100644
--- a/templates/elasticsearch.yml.j2
+++ b/templates/elasticsearch.yml.j2
@@ -220,6 +220,7 @@ path.logs: {{ elasticsearch_log_dir }}
 path.plugins: {{ elasticsearch_plugin_dir }}
 {% endif %}
 
+
 #################################### Plugin ###################################
 
 # If a plugin listed here is not installed for current node, the node will not start.
@@ -664,7 +665,11 @@ http.cors.enabled: {{ elasticsearch_http_cors_enabled }}
 {% endif %}
 
 {% if elasticsearch_http_cors_allow_origin is defined %}
-http.cors.allow-origin: {{ elasticsearch_http_cors_allow_origin}}
+http.cors.allow-origin: {{ elasticsearch_http_cors_allow_origin }}
+{% endif %}
+
+{% if elasticsearch_http_cors_allow_credentials is defined%}
+http.cors.allow-credentials: {{ elasticsearch_http_cors_allow_credentials }}
 {% endif %}
 
 {% if elasticsearch_script_groovy_sandbox_enabled is defined %}
@@ -678,3 +683,66 @@ script.groovy.sandbox.enabled: {{ elasticsearch_script_groovy_sandbox_enabled }}
 cluster.routing.allocation.awareness.attributes: zone
 node.zone: {{ facter_ec2_placement_availability_zone }}
 {% endif %}
+
+
+
+{% if elasticsearch_plugin_shield_enabled is defined %}
+{% if elasticsearch_plugin_shield_enabled == "false"  %}
+
+shield.enabled: false
+
+{% else %}
+################################### Shield Settings #####################################
+
+{% if elasticsearch_plugin_shield_ssl_keystore_path is defined %}
+shield.ssl.keystore.path: {{ elasticsearch_plugin_shield_ssl_keystore_path }}
+{% endif %}
+
+{% if elasticsearch_plugin_shield_ssl_keystore_password is defined %}
+shield.ssl.keystore.password: {{ elasticsearch_plugin_shield_ssl_keystore_password }}
+{% endif %}
+
+{% if elasticsearch_plugin_shield_ssl_keystore_key_password is defined %}
+shield.ssl.keystore.key_password: {{ elasticsearch_plugin_shield_ssl_keystore_key_password }}
+{% endif %}
+
+{% if elasticsearch_plugin_shield_ssl_hostname_verification is defined %}
+shield.ssl.hostname_verification: {{ elasticsearch_plugin_shield_ssl_hostname_verification }}
+{% endif %}
+
+{% if elasticsearch_plugin_shield_transport_ssl is defined %}
+shield.transport.ssl: {{ elasticsearch_plugin_shield_transport_ssl }}
+{% endif %}
+
+{% if elasticsearch_plugin_shield_http_ssl is defined %}
+shield.http.ssl: {{ elasticsearch_plugin_shield_http_ssl }}
+{% endif %}
+
+{% if elasticsearch_plugin_shield_audit_enabled is defined %}
+shield.audit.enabled: {{elasticsearch_plugin_shield_audit_enabled}}
+{% endif %}
+
+{% if elasticsearch_plugin_shield_realms is defined %}
+shield.authc.realms:
+{% if elasticsearch_plugin_shield_realms_esusers is defined %}
+  esusers:
+    type: esusers
+    order: {{ elasticsearch_plugin_shield_realms_esusers.order }}
+    enabled: {{ elasticsearch_plugin_shield_realms_esusers.enabled }}
+{% endif %}
+
+{% if elasticsearch_plugin_shield_realms_active_directory is defined %}
+  active_directory:
+    type: active_directory
+    order: {{ elasticsearch_plugin_shield_realms_active_directory.order }}
+    enabled: {{ elasticsearch_plugin_shield_realms_active_directory.enabled }}
+    domain_name: {{ elasticsearch_plugin_shield_realms_active_directory.domain_name }}
+    unmapped_groups_as_roles: {{ elasticsearch_plugin_shield_realms_active_directory.unmapped_groups_as_roles }}
+    url: {{ elasticsearch_plugin_shield_realms_active_directory.url }}
+    #cache.ttl: 1m
+{% endif %}
+{% endif %}
+{% endif %}
+
+
+{% endif %}
diff --git a/vagrant-inventory.ini b/vagrant-inventory.ini
index fe9f0dc..01849c2 100644
--- a/vagrant-inventory.ini
+++ b/vagrant-inventory.ini
@@ -6,7 +6,7 @@
 # Local Environment #
 #####################
 [vagrant]
-192.168.111.10 ansible_ssh_user=vagrant ansible_ssh_pass=vagrant
+192.168.111.10 ansible_ssh_user=vagrant ansible_ssh_pass=vagrant ansible_connection=local
 
 [vagrant:vars]
 # spm_client_token=<enter your token>
diff --git a/vars/vagrant.yml b/vars/vagrant.yml
index b346948..c84a194 100644
--- a/vars/vagrant.yml
+++ b/vars/vagrant.yml
@@ -6,7 +6,7 @@ elasticsearch_apt_java_package: oracle-java8-installer
 elasticsearch_java_home: /usr/lib/jvm/java-8-oracle
 elasticsearch_heap_size: 1g
 elasticsearch_max_open_files: 65535
-elasticsearch_timezone: "America/New_York"
+elasticsearch_timezone:  "America/New_York"
 elasticsearch_node_max_local_storage_nodes: 1
 elasticsearch_index_mapper_dynamic: "true"
 elasticsearch_memory_bootstrap_mlockall: "true"
@@ -16,8 +16,9 @@ elasticsearch_plugins:
   - { name: 'com.github.richardwilly98.elasticsearch/elasticsearch-river-mongodb/2.0.9', reinstall: false }
   - { name: 'facet-script', url: 'http://dl.bintray.com/content/imotov/elasticsearch-plugins/elasticsearch-facet-script-1.1.2.zip', reinstall: false }
   - { name: 'http-basic', url: 'https://github.com/Asquera/elasticsearch-http-basic/releases/download/v1.5.1/elasticsearch-http-basic-1.5.1.jar', download_only: true, reinstall: false }
+
 elasticsearch_thread_pools:
   - "threadpool.bulk.type: fixed"
   - "threadpool.bulk.size: 50"
   - "threadpool.bulk.queue_size: 1000"
-elasticsearch_service_startonboot: yes
+elasticsearch_service_startonboot: yes
\ No newline at end of file