diff --git a/charts/maas/templates/bin/_start.sh.tpl b/charts/maas/templates/bin/_start.sh.tpl
index dca0617..1292e82 100644
--- a/charts/maas/templates/bin/_start.sh.tpl
+++ b/charts/maas/templates/bin/_start.sh.tpl
@@ -19,10 +19,18 @@ set -ex
 # show env
 env > /tmp/env
 
-if [[ -d ~maas/.ssh ]]
+# MAAS must be able to ssh to libvirt hypervisors
+# to control VMs
+
+if [[ -d ~maas/keys ]]
 then
+  mkdir -p ~maas/.ssh
+  cp ~maas/keys/* ~maas/.ssh/
   chown -R maas:maas ~maas/.ssh
+  chmod 700 ~maas/.ssh
+  chmod 600 ~maas/.ssh/*
 fi
+
 chsh -s /bin/bash maas
 
 exec /bin/systemd --system
diff --git a/charts/maas/templates/deployment-rack.yaml b/charts/maas/templates/deployment-rack.yaml
index 33494b9..802d76c 100644
--- a/charts/maas/templates/deployment-rack.yaml
+++ b/charts/maas/templates/deployment-rack.yaml
@@ -89,10 +89,10 @@ spec:
               readOnly: true
 {{- if .Values.manifests.secret_ssh_key }}
             - name: maas-ssh
-              mountPath: /var/lib/maas/.ssh
+              mountPath: /var/lib/maas/keys
             - name: priv-key
               subPath: PRIVATE_KEY
-              mountPath: /var/lib/maas/.ssh/id_rsa
+              mountPath: /var/lib/maas/keys/id_rsa
 {{- end }}
 {{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
       volumes: