diff --git a/ansible/roles/bifrost/tasks/bootstrap.yml b/ansible/roles/bifrost/tasks/bootstrap.yml
index d4cb0fa79ec1a87021165ecfe69365a7fd02db0b..8332c1d9e682b1e437ec247765ef8a4b1b5011f7 100644
--- a/ansible/roles/bifrost/tasks/bootstrap.yml
+++ b/ansible/roles/bifrost/tasks/bootstrap.yml
@@ -7,3 +7,22 @@
      ansible-playbook -vvvv -i /bifrost/playbooks/inventory/localhost
      /bifrost/playbooks/install.yaml -e @/etc/bifrost/bifrost.yml
      -e @/etc/bifrost/dib.yml -e  skip_package_install=true'
+- name: installing ssh keys
+  command: >
+     docker exec bifrost_deploy
+     bash -c 'mkdir /root/.ssh ; mkdir /home/ironic/.ssh;
+     cp -f /etc/bifrost/id_rsa /root/.ssh/id_rsa &&
+     cp -f /etc/bifrost/id_rsa.pub /root/.ssh/id_rsa.pub &&
+     cp -f /etc/bifrost/ssh_config /root/.ssh/config &&
+     cp -f /etc/bifrost/id_rsa /home/ironic/.ssh/id_rsa &&
+     cp -f /etc/bifrost/id_rsa.pub /home/ironic/.ssh/id_rsa.pub &&
+     cp -f /etc/bifrost/ssh_config /home/ironic/.ssh/config &&
+     chmod 600 /root/.ssh/id_rsa &&
+     chmod 600 /root/.ssh/id_rsa.pub &&
+     chmod 600 /root/.ssh/config &&
+     chmod 600 /home/ironic/.ssh/id_rsa &&
+     chmod 600 /home/ironic/.ssh/id_rsa.pub &&
+     chmod 600 /home/ironic/.ssh/config &&
+     chown ironic:ironic /home/ironic/.ssh/id_rsa &&
+     chown ironic:ironic /home/ironic/.ssh/id_rsa.pub &&
+     chown ironic:ironic /home/ironic/.ssh/config'
diff --git a/ansible/roles/bifrost/tasks/config.yml b/ansible/roles/bifrost/tasks/config.yml
index 8a66523bc296a3aea8244718ac6b953e7be27d33..14bcbb267f59c82ea80eeae77dc156266a2923b6 100644
--- a/ansible/roles/bifrost/tasks/config.yml
+++ b/ansible/roles/bifrost/tasks/config.yml
@@ -19,3 +19,12 @@
     - "dib"
     - "servers"
 
+- name: template ssh keys
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ node_config_directory }}/bifrost/{{ item.dest }}"
+  with_items:
+    - { src: "id_rsa", dest: "id_rsa" }
+    - { src: "id_rsa.pub", dest: "id_rsa.pub" }
+    - { src: "ssh_config", dest: "ssh_config" }
+
diff --git a/ansible/roles/bifrost/templates/id_rsa b/ansible/roles/bifrost/templates/id_rsa
new file mode 100644
index 0000000000000000000000000000000000000000..d1d3a9ed4919346a8f6db1f9eec6914684edaeec
--- /dev/null
+++ b/ansible/roles/bifrost/templates/id_rsa
@@ -0,0 +1 @@
+{{ bifrost_ssh_key.private_key }}
diff --git a/ansible/roles/bifrost/templates/id_rsa.pub b/ansible/roles/bifrost/templates/id_rsa.pub
new file mode 100644
index 0000000000000000000000000000000000000000..173bbb204b518a4531d8f872f3362bc6d820a276
--- /dev/null
+++ b/ansible/roles/bifrost/templates/id_rsa.pub
@@ -0,0 +1 @@
+{{ bifrost_ssh_key.public_key }}
diff --git a/ansible/roles/bifrost/templates/ssh_config b/ansible/roles/bifrost/templates/ssh_config
new file mode 100644
index 0000000000000000000000000000000000000000..41dff51a6ba01a5769ec4453aedeca98aa6da071
--- /dev/null
+++ b/ansible/roles/bifrost/templates/ssh_config
@@ -0,0 +1,3 @@
+Host *
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null
diff --git a/doc/bifrost.rst b/doc/bifrost.rst
index 5e8f29c7cb0c965ee5cd324b3db7bc10586bccf0..ce6ac4b461fbed0cc9dcead1af31508ee634e117 100644
--- a/doc/bifrost.rst
+++ b/doc/bifrost.rst
@@ -240,7 +240,8 @@ TODO
 
 Bring your own ssh key
 ----------------------
-TODO
+To use your own ssh key after you have generated the passwords.yml file
+update the private and public keys under bifrost_ssh_key.
 
 Known issues
 ============
diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
index 8b78cb3cd46192f9bf3b50077bf3fa3d5e28d269..f01567aa51603b0e4ad039e2c2ea5cd0fb490461 100644
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@@ -88,6 +88,10 @@ keystone_ssh_key:
   private_key:
   public_key:
 
+bifrost_ssh_key:
+  private_key:
+  public_key:
+
 ####################
 # RabbitMQ options
 ####################
diff --git a/kolla/cmd/genpwd.py b/kolla/cmd/genpwd.py
index fd15fbf5836c80d5681bf1854f15e26bb1069d04..60b6d55955506978b916c3e9e29a0dd0c99f2b2d 100755
--- a/kolla/cmd/genpwd.py
+++ b/kolla/cmd/genpwd.py
@@ -43,7 +43,8 @@ def main():
     uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid']
 
     # SSH key pair
-    ssh_keys = ['kolla_ssh_key', 'nova_ssh_key', 'keystone_ssh_key']
+    ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
+                'keystone_ssh_key', 'bifrost_ssh_key']
 
     # If these keys are None, leave them as None
     blank_keys = ['docker_registry_password']