diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -92,6 +92,14 @@
 
     - ops/privacy/ops-cidr
 
+    #
+    # Credentials used by Nasqueron services
+    # Format: ops/secrets/nasqueron/service/<...>
+    #
+
+    - ops/secrets/nasqueron/rabbitmq/white-rabbit/erlang-cookie
+    - ops/secrets/nasqueron/rabbitmq/white-rabbit/root
+
     #
     # Credentials used by Nasqueron services
     # Format: ops/secrets/nasqueron.<service>.<type>
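Review bot: The added comment block reuses the title of the section directly below it ("Credentials used by Nasqueron services"), so the two blocks can only be told apart by their `Format:` line. A distinguishing title such as `# Credentials used by Nasqueron services (per-service path layout)` would make it clear which section a new entry belongs in. The list these entries extend is defined outside the hunk, so it is worth confirming that only the host running white-rabbit is granted read access to the Erlang cookie and root password.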
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -222,6 +222,9 @@
         ip: *ipv4_docker001_restricted
         host: white-rabbit.nasqueron.org
         app_port: 15672
+        credentials:
+          erlang_cookie: nasqueron/rabbitmq/white-rabbit/erlang-cookie
+          root: nasqueron/rabbitmq/white-rabbit/root
 
     redis:
       sentry_redis: {}
diff --git a/roles/paas-docker/containers/files/rabbitmq/add_user_root.sh.jinja b/roles/paas-docker/containers/files/rabbitmq/add_user_root.sh.jinja
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/files/rabbitmq/add_user_root.sh.jinja
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# RabbitMQ startup needs a dozen of seconds
+sleep 20
+
+docker exec {{ instance }} rabbitmqctl delete_user guest
+docker exec {{ instance }} rabbitmqctl add_user root {{ password | yaml_squote }}
+docker exec {{ instance }} rabbitmqctl set_user_tags root administrator
+touch /srv/rabbitmq/{{ instance }}/.auth-configured
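Review bot: The `touch` on the last line runs even when a `rabbitmqctl` call above it failed, and because the state in rabbitmq.sls is guarded by `creates:` on that marker, a failed first run is never retried, which can leave the default `guest` account active and no `root` administrator. Make the marker conditional, for example by appending `|| exit 1` to the `add_user` and `set_user_tags` lines (a blanket `set -e` would also abort a re-run on `delete_user guest` once guest is gone), and consider polling for broker readiness instead of the fixed `sleep 20`. `yaml_squote` follows YAML rules and doubles a single quote, which a POSIX shell reads as two adjacent quoted strings, so a password containing `'` would be stored without it; a shell-aware quoting filter is the better fit. The password also travels as a command-line argument, so it is visible in the host process list while `docker exec` runs.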
diff --git a/roles/paas-docker/containers/rabbitmq.sls b/roles/paas-docker/containers/rabbitmq.sls
--- a/roles/paas-docker/containers/rabbitmq.sls
+++ b/roles/paas-docker/containers/rabbitmq.sls
@@ -21,6 +21,13 @@
     - group: 999
     - makedirs: True
 
+/srv/rabbitmq/{{ instance }}/lib/.erlang.cookie:
+  file.managed:
+    - user: 999
+    - group: 999
+    - mode: 400
+    - contents: {{ salt['credentials.get_token'](container['credentials']['erlang_cookie']) }}
+
 {% if has_selinux %}
 selinux_context_rabbitmq_data_{{ instance }}:
   selinux.fcontext_policy_present:
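Review bot: The `contents:` line renders the Erlang cookie into the state as a bare YAML scalar, so a value that contains `: ` or ` #`, starts with a YAML indicator, or looks like a number or boolean would be mis-parsed or rejected. Piping the expression through `yaml_squote` (or `yaml_encode`) avoids that, and the same applies to the `password:` context value in the second hunk of this file. Since `file.managed` reports a content diff when the file changes, adding `- show_changes: False` keeps the cookie out of state output and job returns. Writing the mode as `'0400'` would follow Salt's advice to quote file modes. The enclosing `for` loop starts outside this hunk.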
@@ -50,4 +57,20 @@
       - {{ container['ip'] }}:{{ port }}:{{ port }}
 {% endfor %}
 
+
+#   -------------------------------------------------------------
+#   Credentials
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+rabbitmq_{{ instance }}_root_password:
+  cmd.script:
+    - source: salt://roles/paas-docker/containers/files/rabbitmq/add_user_root.sh.jinja
+    - template: jinja
+    - context:
+        instance: {{ instance }}
+        password: {{ salt['credentials.get_token'](container['credentials']['root']) }}
+    - require:
+        - {{ instance }}
+    - creates: /srv/rabbitmq/{{ instance }}/.auth-configured
+
 {% endfor %}
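Review bot: The `creates:` guard makes `rabbitmq_{{ instance }}_root_password` a one-shot state, so a root secret rotated in Vault afterwards is never pushed to the broker and the two silently drift apart. That limitation is not stated anywhere in the new block. A comment above the state would help, for example `# Runs once per instance: a later rotation of the root secret is not propagated by this state.` The `for` loop closed by the final `endfor` opens outside this hunk.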