diff --git a/terraform/all-in-one/main.tf b/terraform/all-in-one/main.tf
index 264fa0c..530c888 100644
--- a/terraform/all-in-one/main.tf
+++ b/terraform/all-in-one/main.tf
@@ -22,7 +22,7 @@ module "install" {
 target_port = var.target_port
 nixos_partitioner = module.partitioner-build.result.out
 nixos_system = module.system-build.result.out
- ssh_private_key = var.ssh_private_key
+ ssh_private_key = var.install_ssh_key
 debug_logging = var.debug_logging
 instance_id = var.instance_id
 }
@@ -33,6 +33,7 @@ module "nixos-rebuild" {
 ]
 source = "../nixos-rebuild"
 nixos_system = module.system-build.result.out
+ ssh_private_key = var.deployment_ssh_key
 target_host = var.target_host
 target_user = var.target_user
 }
diff --git a/terraform/all-in-one/variables.tf b/terraform/all-in-one/variables.tf
index 9901175..c311eba 100644
--- a/terraform/all-in-one/variables.tf
+++ b/terraform/all-in-one/variables.tf
@@ -51,9 +51,15 @@ variable "instance_id" {
 default = null
 }

-variable "ssh_private_key" {
+variable "install_ssh_key" {
 type = string
- description = "Content of private key used to connect to the target_host"
+ description = "Content of private key used to connect to the target_host during initial installation"
+ default = null
+}
+
+variable "deployment_ssh_key" {
+ type = string
+ description = "Content of private key used to deploy to the target_host after initial installation. To ensure maximum security, it is advisable to connect to your host using ssh-agent instead of relying on this variable"
 default = null
 }

diff --git a/terraform/nixos-rebuild/main.tf b/terraform/nixos-rebuild/main.tf
index 030bce9..c70c9db 100644
--- a/terraform/nixos-rebuild/main.tf
+++ b/terraform/nixos-rebuild/main.tf
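Review bot: In the `module "nixos-rebuild"` call of terraform/all-in-one/main.tf, `ssh_private_key = var.deployment_ssh_key` hands the child module an explicit `null` whenever the caller leaves the new variable unset, because `deployment_ssh_key` defaults to `null`. An explicit null argument replaces the child's `"-"` default unless that variable is declared non-nullable, so the documented "fall back to ssh's own configuration" sentinel would not reach the provisioner; how deploy.sh then behaves is not visible in this diff. Either add `nullable = false` to `ssh_private_key` in terraform/nixos-rebuild/variables.tf (if the supported Terraform versions allow it) or give `deployment_ssh_key` the same `default = "-"` so both layers agree.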
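Review bot: The new `install_ssh_key` and `deployment_ssh_key` variables in terraform/all-in-one/variables.tf carry private-key content but are not declared `sensitive = true`, so Terraform has no reason to redact them from plan/apply output or diagnostics. The same gap applies to `ssh_private_key` added in terraform/nixos-rebuild/variables.tf. Add `sensitive = true` to all three declarations. Be aware that a sensitive value used in a `local-exec` provisioner typically causes Terraform to suppress that provisioner's output, which is the safer trade-off here but makes deploy failures harder to read.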
@@ -3,6 +3,10 @@ resource "null_resource" "nixos-rebuild" {
 store_path = var.nixos_system
 }
 provisioner "local-exec" {
+ environment = {
+ SSH_KEY = var.ssh_private_key
+ }
+
 command = "${path.module}/deploy.sh ${var.nixos_system} ${var.target_user}@${var.target_host} ${var.target_port}"
 }
 }
diff --git a/terraform/nixos-rebuild/variables.tf b/terraform/nixos-rebuild/variables.tf
index e650f0d..ab88be8 100644
--- a/terraform/nixos-rebuild/variables.tf
+++ b/terraform/nixos-rebuild/variables.tf
@@ -19,3 +19,9 @@ variable "target_port" {
 description = "SSH port used to connect to the target_host"
 default = 22
 }
+
+variable "ssh_private_key" {
+ type = string
+ description = "Content of private key used to connect to the target_host. If set to - no key is passed to openssh and ssh will back to its own configuration".
+ default = "-"
+}
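Review bot: The added `environment` block in `provisioner "local-exec"` (terraform/nixos-rebuild/main.tf) exports the raw private key as `SSH_KEY` to deploy.sh and, by inheritance, to every process that script starts, and nothing in the block documents that contract. deploy.sh is not part of this diff, so whether it unsets the variable and removes any key file it writes cannot be confirmed from here. I would add a comment above the block such as `# SSH_KEY is the private key content, or "-" to let ssh use its own config/agent; deploy.sh is expected to keep it out of argv and clean up any temp key file.` The enclosing `resource "null_resource"` starts outside the hunk.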
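Review bot: The `description` line of the new `ssh_private_key` variable in terraform/nixos-rebuild/variables.tf ends with `".`, so the full stop sits outside the closing quote and the file will fail to parse as HCL. Move it inside the string and fix the wording ("will back to") at the same time: `description = "Content of private key used to connect to the target_host. If set to - no key is passed to openssh and ssh will fall back to its own configuration."`. Since `"-"` is a magic value shared with deploy.sh, a `validation` block or at least a comment naming the sentinel would make the coupling explicit.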