diff --git a/pegleg/cli.py b/pegleg/cli.py
index 07c1299a..c6bb711f 100644
--- a/pegleg/cli.py
+++ b/pegleg/cli.py
@@ -607,8 +607,18 @@ def generate():
 default=False,
 show_default=True,
 help='Force Pegleg to regenerate all PKI items.')
+@click.option(
+ '-s',
+ '--save-location',
+ 'save_location',
+ required=False,
+ help='Directory to store the generated site certificates in. It will '
+ 'be created automatically, if it does not already exist. The '
+ 'generated, wrapped, and encrypted passphrases files will be saved '
+ 'in: /site//secrets/certificates/ '
+ 'directory. Defaults to site repository path if no value given.')
 @click.argument('site_name')
-def generate_pki(site_name, author, days, regenerate_all):
+def generate_pki(site_name, author, days, regenerate_all, save_location):
 """Generate certificates, certificate authorities and keypairs for a given
 site.
@@ -617,7 +627,11 @@ def generate_pki(site_name, author, days, regenerate_all):
 engine.repository.process_repositories(site_name, overwrite_existing=True)
 config.set_global_enc_keys(site_name)
 pkigenerator = catalog.pki_generator.PKIGenerator(
- site_name, author=author, duration=days, regenerate_all=regenerate_all)
+ site_name,
+ author=author,
+ duration=days,
+ regenerate_all=regenerate_all,
+ save_location=save_location)
 output_paths = pkigenerator.generate()
 click.echo("Generated PKI files written to:\n%s" % '\n'.join(output_paths))
diff --git a/pegleg/engine/catalog/pki_generator.py b/pegleg/engine/catalog/pki_generator.py
index d4990089..653fd778 100644
--- a/pegleg/engine/catalog/pki_generator.py
+++ b/pegleg/engine/catalog/pki_generator.py
@@ -48,7 +48,8 @@ class PKIGenerator(object):
 block_strings=True,
 author=None,
 duration=365,
- regenerate_all=False):
+ regenerate_all=False,
+ save_location=None):
 """Constructor for ``PKIGenerator``.
 :param int duration: Duration in days that generated certificates
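Review bot: The new `--save-location` option in pegleg/cli.py declares no `type`, so the raw string from the command line is handed to `PKIGenerator` unchecked, and that directory is where the generated certificates and wrapped passphrase files end up. A relative value would presumably be resolved against whatever the working directory is when the files are written, and a path naming an existing regular file would only fail once writing starts. Adding `type=click.Path(file_okay=False, resolve_path=True),` to the option rejects a file path up front and gives the generator an absolute path to work with. Separately, the help text's `/site//secrets/certificates/` reads as though path placeholders were dropped; worth checking it against the layout actually written.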
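Review bot: The `save_location=None` parameter added to the `PKIGenerator` constructor in pegleg/engine/catalog/pki_generator.py has no matching entry in the visible part of the docstring, which begins with `:param int duration:` and continues outside the hunk. I would add `:param str save_location: Directory the generated PKI files are written under; falls back to the site repository path when not given.` so that callers constructing the class directly know where key material will land and what the default is.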
@@ -66,6 +67,7 @@ class PKIGenerator(object):
 self._sitename = sitename
 self._documents = site.get_rendered_docs(sitename)
 self._author = author
+ self._save_location = save_location or config.get_site_repo()
 self.keys = pki_utility.PKIUtility(
 block_strings=block_strings, duration=duration)
@@ -96,7 +98,7 @@ class PKIGenerator(object):
 document_name = keypair_def['name']
 self.get_or_gen_keypair(document_name)
- return self._write(config.get_site_repo())
+ return self._write(self._save_location)
 def get_or_gen_ca(self, document_name):
 kinds = [
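Review bot: `return self._write(self._save_location)` now sends the generated certificates and keypairs to a caller-chosen directory, and nothing visible in this commit constrains the permissions of that directory. `_write` lies outside the hunk, so this may already be handled there. If it is not, the directory that the option's help text promises to create should be made owner-only, for example `os.makedirs(path, mode=0o700, exist_ok=True)` with `path` standing for the target directory, because a location outside the site repository does not inherit whatever access controls protect the repository checkout. A test that passes a non-existent `save_location` would also pin the create-if-missing behaviour the help text documents.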