diff --git a/aclfile b/aclfile
new file mode 100644
index 0000000..e69de29
diff --git a/mosquitto.conf b/mosquitto.conf
index ee5156e..869d949 100644
--- a/mosquitto.conf
+++ b/mosquitto.conf
@@ -10,17 +10,20 @@ per_listener_settings true
 listener 1884
 protocol mqtt
 allow_anonymous true
+acl_file /mosquitto/config/aclfile
 
 listener 1883
 protocol mqtt
 allow_anonymous false
 password_file /mosquitto/config/pwfile
+acl_file /mosquitto/config/aclfile
 
 listener 8883
 protocol mqtt
 tls_version tlsv1.2
 allow_anonymous false
 password_file /mosquitto/config/pwfile
+acl_file /mosquitto/config/aclfile
 certfile /mosquitto/config/ssl/server.crt
 keyfile /mosquitto/config/ssl/server.key
 dhparamfile /mosquitto/config/dhparam.pem
diff --git a/update-config.sh b/update-config.sh
index 69e576f..e0cee59 100755
--- a/update-config.sh
+++ b/update-config.sh
@@ -13,6 +13,7 @@ openssl dhparam -out $DHPARAM 2048
 kubectl create configmap mosquitto-broker-config \
 --from-file=mosquitto.conf=mosquitto.conf \
 --from-file=pwfile=$SECRETS_PLAINTEXT \
+ --from-file=aclfile=aclfile \
 --from-file=dhparam.pem=$DHPARAM \
 --namespace=$NAMESPACE \
 --dry-run=client -o yaml | kubectl apply -f - -n $NAMESPACE
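Review bot: In `mosquitto.conf`, the anonymous listener 1884 is pointed at the same `acl_file` as the password-protected listeners 1883 and 8883, so one rule set has to serve clients with very different trust levels. Listener 1884 sets `allow_anonymous true` with no `password_file`, and as far as I know Mosquitto does not verify a username presented on such a listener, so any `user <name>` section later placed in the shared file would presumably be honoured for unauthenticated clients as well. Since `per_listener_settings true` is in effect, 1884 could get its own file containing only general `topic` rules, e.g. `acl_file /mosquitto/config/<anonymous-acl>` (placeholder name). Separately, the `aclfile` this commit adds is empty (blob `e69de29`), and Mosquitto's documented behaviour is that only listed topics are accessible once an `acl_file` is set, so a comment above these lines such as `# empty aclfile = no topic access; add rules before deploying` would prevent surprises.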
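Review bot: The new `--from-file=aclfile=aclfile` entry in `update-config.sh` puts the broker's authorization policy into the same ConfigMap that already carries `pwfile`, so anyone with edit rights on ConfigMaps in `$NAMESPACE` can change who may publish or subscribe. If that is intended, I would add a comment above the `kubectl create configmap` command such as `# aclfile is the broker's authorization policy; restrict write access to this ConfigMap`, and consider moving `pwfile` and `aclfile` to a Secret. The path `aclfile` is also relative, so the script presumably has to be run from the repository root, and a guard like `[ -f aclfile ] || exit 1` before the command would make a wrong working directory fail early. The script starts outside this hunk, so an existing check may already cover this.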