diff --git a/roles/copy-build-sshkey/README.rst b/roles/copy-build-sshkey/README.rst
new file mode 100644
index 000000000..05619727a
--- /dev/null
+++ b/roles/copy-build-sshkey/README.rst
@@ -0,0 +1,17 @@
+Copy a build-local SSH key to a defined user on all hosts
+
+This role is intended to be run on the Zuul Executor.  It copies a generated
+build specific ssh key to a user and adds it to the authorized_keys file of
+every host in the inventory.
+
+**Role Variables**
+
+.. zuul:rolevar:: zuul_temp_ssh_key
+   :default: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
+
+   Where to source the build private key
+
+.. zuul:rolevar:: copy_sshkey_target_user
+   :default: root
+
+   The user to copy the sshkey to.
diff --git a/roles/copy-build-sshkey/tasks/main.yaml b/roles/copy-build-sshkey/tasks/main.yaml
new file mode 100644
index 000000000..227d3bccf
--- /dev/null
+++ b/roles/copy-build-sshkey/tasks/main.yaml
@@ -0,0 +1,25 @@
+---
+# Add the authorization first, to take advantage of manage_dir
+- name: Authorize build key
+  authorized_key:
+    user: "{{ copy_sshkey_target_user }}"
+    manage_dir: yes
+    key: "{{ lookup('file', zuul_temp_ssh_key ~ '.pub') }}"
+
+# Use a block to add become to a set of tasks
+- block:
+  - name: Install the build private key
+    copy:
+      src: "{{ zuul_temp_ssh_key }}"
+      dest: "~/.ssh/id_rsa"
+      mode: 0600
+      force: no
+
+  - name: Install the build public key
+    copy:
+      src: "{{ zuul_temp_ssh_key }}.pub"
+      dest: "~/.ssh/id_rsa.pub"
+      mode: 0644
+      force: no
+  become: true
+  become_user: "{{ copy_sshkey_target_user }}"
diff --git a/roles/copy-build-sshkey/vars/main.yml b/roles/copy-build-sshkey/vars/main.yml
new file mode 100644
index 000000000..2a4cb456d
--- /dev/null
+++ b/roles/copy-build-sshkey/vars/main.yml
@@ -0,0 +1,2 @@
+zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
+copy_sshkey_target_user: root