diff --git a/pkgs/clan-cli/clan_cli/api/admin.py b/pkgs/clan-cli/clan_cli/api/admin.py
new file mode 100644
index 000000000..14b908e67
--- /dev/null
+++ b/pkgs/clan-cli/clan_cli/api/admin.py
@@ -0,0 +1,62 @@
+from clan_cli.api import API
+from clan_cli.inventory import (
+ AdminConfig,
+ ServiceAdmin,
+ ServiceAdminRole,
+ ServiceAdminRoleDefault,
+ ServiceMeta,
+ load_inventory_eval,
+ save_inventory,
+)
+
+
+@API.register
+def get_admin_service(base_url: str) -> ServiceAdmin | None:
+ """
+ Return the admin service of a clan.
+
+ There is only one admin service. This might be changed in the future
+ """
+ inventory = load_inventory_eval(base_url)
+ return inventory.services.admin.get("admin")
+
+
+@API.register
+def set_admin_service(
+ base_url: str, allowed_keys: list[str], instance_name: str = "admin"
+) -> None:
+ """
+ Set the admin service of a clan
+ Every machine is by default part of the admin service via the 'all' tag
+ """
+ inventory = load_inventory_eval(base_url)
+
+ if not allowed_keys:
+ raise ValueError("At least one key must be provided to ensure access")
+
+ keys = []
+ for keyfile in allowed_keys:
+ if not keyfile.startswith("/"):
+ raise ValueError(f"Keyfile '{keyfile}' must be an absolute path")
+ with open(keyfile) as f:
+ pubkey = f.read()
+ keys.append(pubkey)
+
+ instance = ServiceAdmin(
+ meta=ServiceMeta(name=instance_name),
+ roles=ServiceAdminRole(
+ default=ServiceAdminRoleDefault(
+ config=AdminConfig(allowedKeys=keys),
+ machines=[],
+ tags=["all"],
+ )
+ ),
+ )
+
+ inventory.services.admin[instance_name] = instance
+
+ save_inventory(
+ inventory,
+ base_url,
+ f"Set admin service: '{instance_name}'",
+ )
diff --git a/pkgs/clan-cli/clan_cli/inventory/__init__.py b/pkgs/clan-cli/clan_cli/inventory/__init__.py
index 3aabe6686..d95f4d26e 100644
--- a/pkgs/clan-cli/clan_cli/inventory/__init__.py
+++ b/pkgs/clan-cli/clan_cli/inventory/__init__.py
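Review bot: In `set_admin_service` the result of `f.read()` is appended to `allowedKeys` without any check, so whatever file the caller names (a private key picked instead of its `.pub`, or any other readable file) is copied verbatim into the inventory that `save_inventory` then persists, and, judging by the message argument, probably commits. Stripping the content and requiring a single line that starts with a key-type prefix before appending would stop that; the prefix tuple in the sketch below is a heuristic and should be matched to the key types the admin module actually accepts. Separately, `get_admin_service` always looks up `"admin"` while this function accepts any `instance_name`, so an instance saved under another name is never returned by the getter.

```python
    # … unchanged: empty-list check, absolute-path check …
        with open(keyfile) as f:
            pubkey = f.read().strip()
        # A .pub file holds one line starting with the key type; refusing
        # anything else keeps a private key picked by mistake out of the inventory.
        if "\n" in pubkey or not pubkey.startswith(("ssh-", "ecdsa-sha2-", "sk-")):
            raise ValueError(
                f"Keyfile '{keyfile}' does not contain a single SSH public key"
            )
        keys.append(pubkey)
```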
@@ -22,16 +22,25 @@ from clan_cli.git import commit_file
 from ..cmd import run_no_stdout
 from ..nix import nix_eval
 from .classes import (
+ AdminConfig,
 Inventory,
+ # Machine classes
 Machine,
 MachineDeploy,
+ # General classes
 Meta,
 Service,
+ # Admin service
+ ServiceAdmin,
+ ServiceAdminRole,
+ ServiceAdminRoleDefault,
+ # Borgbackup service
 ServiceBorgbackup,
 ServiceBorgbackupRole,
 ServiceBorgbackupRoleClient,
 ServiceBorgbackupRoleServer,
 ServiceMeta,
+ # Single Disk service
 ServiceSingleDisk,
 ServiceSingleDiskRole,
 ServiceSingleDiskRoleDefault,
@@ -58,6 +67,11 @@ __all__ = [
 "ServiceSingleDiskRole",
 "ServiceSingleDiskRoleDefault",
 "SingleDiskConfig",
+ # Admin service
+ "ServiceAdmin",
+ "ServiceAdminRole",
+ "ServiceAdminRoleDefault",
+ "AdminConfig",
 ]