diff --git a/modules/services/step-ca/mtls.nix b/modules/services/step-ca/mtls.nix
index 7345e23..0323e21 100644
--- a/modules/services/step-ca/mtls.nix
+++ b/modules/services/step-ca/mtls.nix
@@ -46,6 +46,10 @@
         type = lib.types.listOf lib.types.str;
         default = [ ];
       };
+      provisioner = lib.mkOption {
+        type = lib.types.str;
+        default = "admin";
+      };
     };
 
     config = {
@@ -56,7 +60,7 @@
             ${cfg.subject} ${tlsCert} ${tlsKey} \
             --ca-url ${cfg.caURL} \
             --root ${rootCA} \
-            --provisioner admin \
+            --provisioner ${cfg.provisioner} \
             ${sanArgs}
           cat ${tlsCert} ${tlsKey} > ${mtlsBundle}
         '')