diff --git a/README.md b/README.md index dac53a7..b209a31 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Automatic Drupal and WissKI factory scripts +# WissKI-Distillery This repository contains a factory server implementation that creates and maintains a list of Drupal Instances. @@ -99,10 +99,10 @@ We run the Drupal installation scripts. Here we tell Drupal about the database credentials, and initialize an initial 'admin' user for the drupal instance. The password for the 'admin' user is randomly generated in this process. -__5. Create a GraphDB repository__ +__5. Create a GraphDB repository and user__ Next, we create a dedidcated GraphDB repository for the WissKI instance. -*TODO*: Create a GraphDB user. +We also create a new GraphDB user with access to this repository. __6. Add WissKI modules to Drupal__ @@ -165,7 +165,8 @@ sudo bash /factory/purge.sh SLUG - First steps after provisioning - Writeup approach to SSL (Wildcard cert with proxy that downgrades connections to plain http, or mod_md) - Automatically setup SALZ adapter (if this is possible) -- Setup users for GraphDB and enable security, is this supported by WissKI SALZ? +- Investigate support for GraphDB Auth in WissKI Salz + - Eventually enable security if needed - Allow customization of GraphDB installation paths diff --git a/factory/lib/20_slug.sh b/factory/lib/20_slug.sh index 1ac1224..6fcae9b 100644 --- a/factory/lib/20_slug.sh +++ b/factory/lib/20_slug.sh @@ -60,6 +60,7 @@ GRAPHDB_REPO="${GRAPHDB_REPO_PREFIX}${USERNAME_BASE}" # Compute the base directory for the files that will live on disk. BASE_DIR="$DRUPAL_ROOT/$INSTANCE_DOMAIN" +ENV_FILE="$BASE_DIR/wisski-env" COMPOSER_DIR="$BASE_DIR/project" WEB_DIR="$COMPOSER_DIR/web" ONTOLOGY_DIR="$WEB_DIR/sites/default/files/ontology" diff --git a/factory/provision.sh b/factory/provision.sh index b2d90a3..6a20167 100644 --- a/factory/provision.sh +++ b/factory/provision.sh 
@@ -95,14 +95,27 @@ drupal_sites_permission_workaround # Create a new repository for GraphDB. # Use the template for this. -# TODO: Permissions for GraphdDB log_info " => Generating new GraphDB repository '$GRAPHDB_REPO'" load_template "graphdb-repo.ttl" "GRAPHDB_REPO" "${GRAPHDB_REPO}" "INSTANCE_DOMAIN" "${INSTANCE_DOMAIN}" | \ curl -X POST \ http://127.0.0.1:7200/rest/repositories \ - -H 'Content-Type: multipart/form-data' \ + --header 'Content-Type: multipart/form-data' \ -F "config=@-" +# Generate a random password for the GraphDB user +log_info " => Generating a new GraphDB password" +GRAPHDB_PASSWORD="$(randompw)" + +# Create the user and grant them access to the creatd database. +log_info " => Creating GraphDB user '$GRAPHDB_USER'" +load_template "graphdb-user.json" "GRAPHDB_USER" "${GRAPHDB_USER}" "GRAPHDB_REPO" "${GRAPHDB_REPO}" | \ +curl -X POST \ + "http://127.0.0.1:7200/rest/security/user/${GRAPHDB_USER}" \ + --header 'Content-Type: application/json' \ + --header 'Accept: text/plain' \ + --header "X-GraphDB-Password: $GRAPHDB_PASSWORD" \ + -d @- + # create a directory for ontologies. log_info " => Creating '$ONTOLOGY_DIR'" mkdir -p "$ONTOLOGY_DIR" @@ -137,7 +150,7 @@ log_ok "Some things below may fail. If that is the case, run: " log_ok "$ a2ensite \"${INSTANCE_DOMAIN}\"" log_ok "$ systemctl reload apache2" log_ok "$ $SCRIPT_DIR/shell.sh $SLUG" -log_ok "Your installation details are as follows" +log_ok "Your installation details are as follows:" function printdetails() { echo "URL: http://$INSTANCE_DOMAIN" echo "Username: $DRUPAL_USER" 
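Review bot: The new GraphDB password is placed on curl's command line in `--header "X-GraphDB-Password: $GRAPHDB_PASSWORD"`, so while the request runs it is readable in the process list by any local account on the factory host. curl 7.55 or newer can read headers from a file, which keeps the value out of argv: `--header @<(printf 'X-GraphDB-Password: %s\n' "$GRAPHDB_PASSWORD")` (printf is a bash builtin, so it adds no process of its own). The call also lacks `--fail`, so an HTTP error from the user endpoint goes unnoticed and the script continues with a password for an account that may not exist. Adding `--fail --silent --show-error` and checking the pipeline's exit status would catch that.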
@@ -152,6 +165,32 @@ function printdetails() { } printdetails +function alldetails() { + echo "# Automatically generated WissKi details" + echo "# generated $(date -u +"%Y-%m-%dT%H:%M:%SZ")" + echo "SLUG=$SLUG" + echo "INSTANCE_DOMAIN=$INSTANCE_DOMAIN" + echo "# System" + echo "SYSTEM_USER=$SYSTEM_USER" + echo "# Drupal" + echo "DRUPAL_USER=$DRUPAL_USER" + echo "DRUPAL_PASSWORD=$DRUPAL_PASSWORD" + echo "# MySQL" + echo "MYSQL_USER=$MYSQL_USER" + echo "MYSQL_PASSWORD=$MYSQL_PASSWORD" + echo "MYSQL_DATABASE=$MYSQL_DATABASE" + echo "# GraphDB" + echo "GRAPHDB_USER=$GRAPHDB_USER" + echo "GRAPHDB_PASSWORD=$GRAPHDB_PASSWORD" + echo "GRAPHDB_REPO=$GRAPHDB_REPO" +} + +# put installation details in ENV_FILE +log_info " => Storing installation details in $ENV_FILE" +alldetails > "$ENV_FILE" +chown "$SYSTEM_USER:$SYSTEM_USER" "$ENV_FILE" +chmod o-r "$ENV_FILE" + # Enable the WissKI modules. log_info " => Enable Wisski modules" drush pm-enable --yes wisski_core wisski_linkblock wisski_pathbuilder wisski_adapter_sparql11_pb wisski_salz diff --git a/factory/purge.sh b/factory/purge.sh index 9edd677..6c84263 100644 --- a/factory/purge.sh +++ b/factory/purge.sh @@ -29,6 +29,10 @@ mysql -e "FLUSH PRIVILEGES;" log_info " => Deleting GraphDB repository '$GRAPHDB_REPO'" curl -X DELETE http://127.0.0.1:7200/rest/repositories/$GRAPHDB_REPO/ +log_info " => Deleting GraphDB user '$GRAPHDB_USER'" +curl -X DELETE http://127.0.0.1:7200/rest/security/user/$GRAPHDB_USER/ + + log_info " => Deleting system user and group '$SYSTEM_USER'" deluser "$SYSTEM_USER" || true delgroup "$SYSTEM_USER" || true diff --git a/factory/resources/templates/graphdb-user.json b/factory/resources/templates/graphdb-user.json new file mode 100644 index 0000000..50e498f --- /dev/null +++ b/factory/resources/templates/graphdb-user.json @@ -0,0 +1,8 @@ +{ + "username": "${GRAPHDB_USER}", + "grantedAuthorities": [ + "ROLE_USER", + "READ_REPO_${GRAPHDB_REPO}", + "WRITE_REPO_${GRAPHDB_REPO}" + ] +}
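Review bot: `alldetails > "$ENV_FILE"` creates the file under the script's umask before `chown` and `chmod o-r` run, so the Drupal, MySQL and GraphDB passwords are briefly readable by other accounts, and afterwards the group bits are still whatever the umask left. Creating the file restricted from the start closes both gaps: `( umask 077; alldetails > "$ENV_FILE" )`, then `chmod 600 "$ENV_FILE"` after the chown. If the file is ever meant to be sourced, the unquoted `KEY=$VALUE` lines in alldetails rely on randompw never emitting shell metacharacters, which is not visible in this diff; `printf '%s=%q\n'` would remove that dependency. A comment above alldetails stating that its output contains secrets, and which account is expected to read it, would also help.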
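Review bot: The added `curl -X DELETE http://127.0.0.1:7200/rest/security/user/$GRAPHDB_USER/` in purge.sh neither quotes the variable nor checks the result, so a failed deletion passes silently. That leaves an account holding the `READ_REPO_`/`WRITE_REPO_` authorities for this repository name, and if the same slug is provisioned again the stale account would presumably match the new repository. I would write it as `curl --fail -X DELETE "http://127.0.0.1:7200/rest/security/user/${GRAPHDB_USER}" || log_info " => Could not delete GraphDB user '$GRAPHDB_USER'"`. The trailing slash also differs from the URL used to create the user in provision.sh; whether GraphDB treats both forms the same should be confirmed.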