diff --git a/app.py b/app.py
index c4c3280..a1486b0 100644
--- a/app.py
+++ b/app.py
@@ -396,6 +396,41 @@ async def ansible_run(request: Request, _=Depends(_verify)):
     if not hostname:
         return JSONResponse({"error": "limit/hostname required"}, status_code=400)
     rc, out, err = _ssh(AUTOMATION1, f"cd /app-config/ansible && bash pfannkuchen.sh setup {hostname}", timeout=600)
+    
+    # After successful ansible run: sync Hawser token to Dockhand
+    if rc == 0:
+        try:
+            # Get VM IP from inventory
+            inv_path = "/app-config/ansible/pfannkuchen.ini"
+            rc2, ip_out, _ = _ssh(AUTOMATION1, f"grep -E '^{hostname} ' {inv_path} | awk '{{print $2}}' | cut -d= -f2", timeout=10)
+            vm_ip = ip_out.strip() if rc2 == 0 else None
+            
+            if vm_ip:
+                # Read Hawser token from VM
+                rc3, token_out, _ = _ssh(AUTOMATION1, f"ssh -o StrictHostKeyChecking=no sascha@{vm_ip} 'sudo grep ^TOKEN= /etc/hawser/config | cut -d= -f2' 2>/dev/null", timeout=15)
+                hawser_token = token_out.strip() if rc3 == 0 and token_out.strip() else None
+                
+                if hawser_token:
+                    # Find environment in Dockhand by IP and update token
+                    async with httpx.AsyncClient(verify=False, timeout=10) as c:
+                        # Login to Dockhand
+                        login = await c.post(f"{SERVICES['dockhand']['url']}/api/auth/login", 
+                                            json={"username": "admin", "password": _read("dockhand") or ""})
+                        if login.status_code == 200:
+                            cookie = dict(login.cookies)
+                            # Get all environments
+                            envs = await c.get(f"{SERVICES['dockhand']['url']}/api/environments", cookies=cookie)
+                            for env in envs.json():
+                                if env.get("host") == vm_ip:
+                                    # Update environment with Hawser token
+                                    await c.put(f"{SERVICES['dockhand']['url']}/api/environments/{env['id']}",
+                                               json={"hawserToken": hawser_token},
+                                               cookies=cookie)
+                                    log.info(f"Updated Hawser token for {hostname} (env {env['id']})")
+                                    break
+        except Exception as e:
+            log.warning(f"Hawser token sync failed for {hostname}: {e}")
+    
     return {"status": "ok" if rc == 0 else "error", "rc": rc, "output": out[-1000:]}
 
 @app.get("/ansible/status/{job_id}")
@@ -526,3 +561,4 @@ async def proxy(service: str, path: str, request: Request, _=Depends(_verify)):
 
 
 
+