diff --git a/outputs.tf b/outputs.tf
index d5d5fc0..72429be 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -34,10 +34,10 @@ output "lb_address" {
 output "hcloud_ssh_key_public" {
 description = "registered ssh public key on your Hetzner Cloud machines."
- value = var.hcloud_ssh_key_public != "" && var.hcloud_ssh_key_private != "" ? var.hcloud_ssh_key_public : tls_private_key.ssh_key_gen[0].public_key_openssh
+ value = local.public_key
 }
 output "hcloud_ssh_key_private" {
 description = "registered ssh private key on your Hetzner Cloud machines."
- value = var.hcloud_ssh_key_public != "" && var.hcloud_ssh_key_private != "" ? var.hcloud_ssh_key_private : tls_private_key.ssh_key_gen[0].private_key_openssh
+ value = local.private_key
 }
diff --git a/resources_hetzner.tf b/resources_hetzner.tf
index 8c5e2cc..046ca3c 100644
--- a/resources_hetzner.tf
+++ b/resources_hetzner.tf
@@ -15,15 +15,9 @@ resource "hcloud_network" "kubernetes_internal_network" {
 }
 }
-resource "tls_private_key" "ssh_key_gen" {
- count = var.hcloud_ssh_key_public != "" && var.hcloud_ssh_key_private != "" ? 1 : 0
- algorithm = "RSA"
- rsa_bits = 4096
-}
-
 resource "hcloud_ssh_key" "rke_ssh_key" {
 name = "${var.instance_prefix}-rke-management-key"
- public_key = var.hcloud_ssh_key_public != "" && var.hcloud_ssh_key_private != "" ? var.hcloud_ssh_key_public : tls_private_key.ssh_key_gen[0].public_key_openssh
+ public_key = local.public_key
 labels = {
 automated = true
 }
@@ -44,7 +38,7 @@ resource "hcloud_server" "rke_nodes" {
 connection {
 type = "ssh"
 user = "root"
- private_key = var.hcloud_ssh_key_public != "" && var.hcloud_ssh_key_private != "" ? var.hcloud_ssh_key_private : tls_private_key.ssh_key_gen[0].private_key_openssh
+ private_key = local.private_key
 host = self.ipv4_address
 }
 }
diff --git a/resources_rke.tf b/resources_rke.tf
index 832ce4b..1dbae26 100644
--- a/resources_rke.tf
+++ b/resources_rke.tf
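Review bot: The `hcloud_ssh_key_private` output at the end of the outputs.tf hunk exports the private key without `sensitive = true`, so a user-supplied key can be printed in plan/apply output and CI logs. Because `local.private_key` can also resolve to the tls provider's sensitive `private_key_openssh` attribute, current Terraform versions are likely to reject the output until it is marked. Adding `sensitive = true` inside that block covers both cases, and a comment such as `# value is also stored in plaintext in the state file; restrict access to the backend` would help consumers. Whether `var.hcloud_ssh_key_private` is itself declared sensitive is not visible in this diff.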
@@ -10,7 +10,7 @@ resource "rke_cluster" "rke_cluster" {
 role = ["controlplane", "worker", "etcd"]
 user = "root"
 ssh_agent_auth = true
- ssh_key = var.hcloud_ssh_key_private
+ ssh_key = local.private_key
 }
 }
diff --git a/resources_ssh_keys.tf b/resources_ssh_keys.tf
new file mode 100644
index 0000000..446f601
--- /dev/null
+++ b/resources_ssh_keys.tf
@@ -0,0 +1,8 @@
+resource "tls_private_key" "ssh_key_gen" {
+ algorithm = "ED25519"
+}
+
+locals {
+ public_key = var.hcloud_ssh_key_public != "" && var.hcloud_ssh_key_private != "" ? var.hcloud_ssh_key_public : tls_private_key.ssh_key_gen.public_key_openssh
+ private_key = var.hcloud_ssh_key_public != "" && var.hcloud_ssh_key_private != "" ? var.hcloud_ssh_key_private : tls_private_key.ssh_key_gen.private_key_openssh
+}
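Review bot: `ssh_agent_auth = true` on the context line just above the changed `ssh_key` may keep a Terraform-generated key from ever being used in the resources_rke.tf hunk. As far as I know RKE prefers the agent socket when agent auth is enabled and `SSH_AUTH_SOCK` is set, and a key created by `tls_private_key` will not be loaded in the operator's agent; please confirm against the rke provider. If that holds, either switch agent auth off when the key is generated or add a comment such as `# agent auth takes precedence over ssh_key; a generated key must be added to the agent or agent auth disabled`. The `rke_cluster` block starts outside the hunk, so other node settings are not visible here.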
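Review bot: `tls_private_key.ssh_key_gen` in the new resources_ssh_keys.tf is created unconditionally, so a private key is generated and kept in plaintext in the Terraform state even when both `hcloud_ssh_key_*` variables are supplied and the key is never used. Gating the resource on the same condition as the locals avoids storing unused secret material, and hoisting that condition into one local removes the expression duplicated in `public_key` and `private_key`. Separately, supplying only one of the two variables silently falls back to the generated pair; a variable validation or a comment stating that both must be set would make that explicit. `one()` in the sketch below needs Terraform 0.15 or newer, which this diff does not confirm.

```hcl
locals {
  use_provided_keys = var.hcloud_ssh_key_public != "" && var.hcloud_ssh_key_private != ""

  public_key  = local.use_provided_keys ? var.hcloud_ssh_key_public : one(tls_private_key.ssh_key_gen[*].public_key_openssh)
  private_key = local.use_provided_keys ? var.hcloud_ssh_key_private : one(tls_private_key.ssh_key_gen[*].private_key_openssh)
}

resource "tls_private_key" "ssh_key_gen" {
  # Only generate a key pair when the caller did not supply one.
  count     = local.use_provided_keys ? 0 : 1
  algorithm = "ED25519"
}
```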