diff --git a/manifests/dehydrated.pp b/manifests/dehydrated.pp
index 86e0be7b3..3418a2c47 100644
--- a/manifests/dehydrated.pp
+++ b/manifests/dehydrated.pp
@@ -288,10 +288,17 @@
 undef => $domain,
 default => $ssh_id,
 }
- if $manage_ssh_key {
- ensure_resource('sunet::snippets::secret_file', "${home}/.ssh/id_${_ssh_id}", {
+ if $manage_ssh_key {
+ $key_path = "${home}/.ssh/id_${_ssh_id}"
+ if lookup("${_ssh_id}_ssh_key", undef, undef, undef) { #Key is in secrets, write it to host
+ ensure_resource('sunet::snippets::secret_file', "$key_path", {
 hiera_key => "${_ssh_id}_ssh_key",
 })
+ }else{
+ if (!find_file($key_path)){
+ sunet::snippets::ssh_keygen{$key_path:} #This will not overwrite an existing key
+ }
+ }
 }
 if $single_domain {
 cron { "rsync_dehydrated_${domain}":
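Review bot: The `find_file($key_path)` guard in the new `else` branch is evaluated where the catalog is compiled, so with a server-compiled catalog it would test the Puppet server's filesystem rather than the managed host's `${home}/.ssh`; it only does what is intended under a local `puppet apply`. The inline comment says `sunet::snippets::ssh_keygen` does not overwrite an existing key (its definition is not visible here), so the guard looks redundant and the branch could be reduced to `} else { sunet::snippets::ssh_keygen { $key_path: } }`, leaving idempotence to the define. A missing or misspelled `${_ssh_id}_ssh_key` in hiera now silently results in a locally generated key, which deserves a comment above the `else` such as `# No key in secrets: fall back to a key generated on this host`. On style, `"$key_path"` can be plain `$key_path`. The enclosing definition and the `cron` resource continue outside the hunk.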