diff --git a/lib/puppet/type/keycloak_realm.rb b/lib/puppet/type/keycloak_realm.rb
index 5a151779..54325976 100644
--- a/lib/puppet/type/keycloak_realm.rb
+++ b/lib/puppet/type/keycloak_realm.rb
@@ -420,6 +420,10 @@ def should_to_s(_newvalue)
 defaultto :false
 end
+ newproperty(:password_policy) do
+ desc 'passwordPolicy'
+ end
+
 newproperty(:roles, array_matching: :all, parent: PuppetX::Keycloak::ArrayProperty) do
 desc 'roles'
 defaultto ['offline_access', 'uma_authorization']
diff --git a/spec/acceptance/2_realm_spec.rb b/spec/acceptance/2_realm_spec.rb
index d06b4185..9758fec1 100644
--- a/spec/acceptance/2_realm_spec.rb
+++ b/spec/acceptance/2_realm_spec.rb
@@ -229,6 +229,7 @@ class { 'keycloak': }
 otp_policy_digits => 8,
 otp_policy_period => 30,
 otp_policy_code_reusable => true,
+ password_policy => 'length(12) and notUsername(undefined) and notEmail(undefined) and forceExpiredPasswordChange(365) and hashIterations(27500) and passwordHistory(3) and regexPattern(^(?!\d+$)(?!.*test).*$) and specialChars(1) and upperCase(1) and lowerCase(1) and digits(1) and hashAlgorithm(pbkdf2-sha256) and maxLength(64)',
 web_authn_policy_rp_entity_name => 'Keycloak',
 web_authn_policy_signature_algorithms => ['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'],
 web_authn_policy_rp_id => 'https://example.com',
@@ -258,6 +259,10 @@ class { 'keycloak': }
 it 'has updated the realm' do
 on hosts, '/opt/keycloak/bin/kcadm-wrapper.sh get realms/test' do
+ passwordPolicyValue = %w[length(12) and notUsername(undefined) and notEmail(undefined) and forceExpiredPasswordChange(365) and hashIterations(27_500] +
+ %w[ and passwordHistory(3) and regexPattern(^(?!\d+$)(?!.*test).*$) and specialChars(1) and upperCase(1)] +
+ %w[ and lowerCase(1) and digits(1) and hashAlgorithm(pbkdf2-sha256) and maxLength(64)]
+
 data = JSON.parse(stdout)
 expect(data['rememberMe']).to eq(true)
 expect(data['registrationAllowed']).to eq(true)
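Review bot: The new `password_policy` property's description is only the Keycloak attribute name, so a user of the type gets no hint of the expected value format, while the acceptance test in this same commit shows it is a single string of `term(arg)` items joined by ` and `. Suggest `desc 'passwordPolicy - Keycloak password policy string, e.g. "length(12) and digits(1) and hashIterations(27500)"'`. The terse desc matches the neighbouring properties (`desc 'roles'`), so this is a documentation point rather than a blocker. Whether the provider forwards this property to Keycloak is not visible in this diff; the acceptance expectation on `data['passwordPolicy']` suggests it does.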
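Review bot: `passwordPolicyValue` is built from three `%w[...]` literals, which yields an Array of whitespace-split words, while the manifest sets `password_policy` to a single String, so `expect(data['passwordPolicy']).to eq(passwordPolicyValue)` in the later hunk (`@@ -311,6 +316,7 @@`) presumably compares a String to an Array and cannot pass. Two details compound this: `27_500` inside `%w[]` is the literal word `27_500`, not 27500 as in the manifest, and the first `]` closes the literal right after `hashIterations(27_500`, dropping the closing paren. Replace the three lines with one String equal to the manifest value, `password_policy_value = 'length(12) and notUsername(undefined) and notEmail(undefined) and forceExpiredPasswordChange(365) and hashIterations(27500) and passwordHistory(3) and regexPattern(^(?!\d+$)(?!.*test).*$) and specialChars(1) and upperCase(1) and lowerCase(1) and digits(1) and hashAlgorithm(pbkdf2-sha256) and maxLength(64)'`, and use `eq(password_policy_value)` in the later hunk (snake_case per Ruby convention; RuboCop would flag the camelCase local). This assumes Keycloak returns the policy string as submitted; the enclosing `it 'has updated the realm'` block continues outside the hunk.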
@@ -311,6 +316,7 @@ class { 'keycloak': }
 expect(data['otpPolicyDigits']).to eq(8)
 expect(data['otpPolicyPeriod']).to eq(30)
 expect(data['otpPolicyCodeReusable']).to eq(true)
+ expect(data['passwordPolicy']).to eq(passwordPolicyValue)
 expect(data['webAuthnPolicyRpEntityName']).to eq('Keycloak')
 expect(data['webAuthnPolicySignatureAlgorithms']).to eq(['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'])
 expect(data['webAuthnPolicyRpId']).to eq('https://example.com')
diff --git a/spec/unit/puppet/type/keycloak_realm_spec.rb b/spec/unit/puppet/type/keycloak_realm_spec.rb
index 42a48eba..6f0e6978 100644
--- a/spec/unit/puppet/type/keycloak_realm_spec.rb
+++ b/spec/unit/puppet/type/keycloak_realm_spec.rb
@@ -219,6 +219,7 @@
 :smtp_server_reply_to,
 :smtp_server_reply_to_display_name,
 :default_locale,
+ :password_policy,
 :web_authn_policy_rp_entity_name,
 :web_authn_policy_rp_id,
 :web_authn_policy_passwordless_rp_entity_name,