diff --git a/defaults/main.yml b/defaults/main.yml
index 04a6c2b..e779bc8 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -288,3 +288,11 @@ manila_api_uwsgi_ini_overrides: {}
 manila_environment_overrides:
   Service:
     Environment: "PATH={{ manila_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Manila keypair
+#
+# The following path ontains the keypair which will be used for SSH.  It requires that
+# the same file with a trailing .pub exists as well if using an existing key.  If this
+# is set and a key cannot be found it will generate one.
+#
+# manila_keypair_path: /etc/openstack_deploy/id_rsa
diff --git a/tasks/main.yml b/tasks/main.yml
index 41b761f..95e058e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -115,7 +115,14 @@
   tags:
     - manila-config
 
-- import_tasks: manila_db_sync.yml
+- import_tasks: manila_keys.yml
+  when:
+    - manila_keypair_path is defined
+    - manila_services['manila-share']['group'] in group_names
+  tags:
+    - manila-config
+
+- include_tasks: manila_db_sync.yml
   when:
     - _manila_is_first_play_host
   tags:
diff --git a/tasks/manila_keys.yml b/tasks/manila_keys.yml
new file mode 100644
index 0000000..ebc22a3
--- /dev/null
+++ b/tasks/manila_keys.yml
@@ -0,0 +1,17 @@
+---
+- name: Create SSH keypair
+  run_once: true
+  delegate_to: localhost
+  openssh_keypair:
+    path: "{{ manila_keypair_path }}"
+
+- name: Distribute SSH keypair
+  copy:
+    src: "{{ item }}"
+    dest: "/etc/manila/{{ item | basename }}"
+    owner: "{{ manila_system_user_name }}"
+    group: "{{ manila_system_group_name }}"
+    mode: 0600
+  loop:
+    - "{{ manila_keypair_path }}.pub"
+    - "{{ manila_keypair_path }}"