diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml
index 09d988063..ae9f961e4 100644
--- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml
@@ -1,5 +1,6 @@
 resources:
-    #  - ../../../../../function/dex-aio
+  #  - ../../../../../function/dex-aio
+  - ssh-private-keys-secret.yaml
   - sipcluster.yaml
   - namespace.yaml
 namespace: lma-infra
diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml
index ee723aad8..5b829f386 100644
--- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml
@@ -1,3 +1,4 @@
 resources:
   - networking.yaml
-  - versions.yaml
\ No newline at end of file
+  - versions.yaml
+  - secrets.yaml
diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/secrets.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/secrets.yaml
new file mode 100644
index 000000000..70587cddb
--- /dev/null
+++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/secrets.yaml
@@ -0,0 +1,22 @@
+# These rules inject env vars into the k8scontrol function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: lma-provide-infra-secrets-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: localhost/replacement-transformer
+replacements:
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: generated-secrets
+    fieldref: "{.sshKeys.privateKey}"
+  target:
+    objref:
+      kind: Secret
+      namespace: lma-infra
+      name: ssh-private-keys
+    fieldrefs:
+      - "data.ssh-privatekey%REPLACEMENT_SSH_PRIVATEKEY%"
diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/ssh-private-keys-secret.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/ssh-private-keys-secret.yaml
new file mode 100644
index 000000000..0df82f6ad
--- /dev/null
+++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/ssh-private-keys-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ssh-private-keys
+type: kubernetes.io/ssh-auth
+data:
+  ssh-privatekey: REPLACEMENT_SSH_PRIVATEKEY
+
diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml
index 7d075abd0..13196bc25 100644
--- a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml
@@ -1,5 +1,6 @@
 resources:
-    #  - ../../../../../function/dex-aio
+  #  - ../../../../../function/dex-aio
+  - ssh-private-keys-secret.yaml
   - sipcluster.yaml
   - namespace.yaml
 namespace: wordpress-infra
diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml
index ee723aad8..5b829f386 100644
--- a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml
@@ -1,3 +1,4 @@
 resources:
   - networking.yaml
-  - versions.yaml
\ No newline at end of file
+  - versions.yaml
+  - secrets.yaml
diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/secrets.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/secrets.yaml
new file mode 100644
index 000000000..978033199
--- /dev/null
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/secrets.yaml
@@ -0,0 +1,22 @@
+# These rules inject env vars into the k8scontrol function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: wordpress-provide-infra-secrets-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: localhost/replacement-transformer
+replacements:
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: generated-secrets
+    fieldref: "{.sshKeys.privateKey}"
+  target:
+    objref:
+      kind: Secret
+      namespace: wordpress-infra
+      name: ssh-private-keys
+    fieldrefs:
+      - "data.ssh-privatekey%REPLACEMENT_SSH_PRIVATEKEY%"
diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/ssh-private-keys-secret.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/ssh-private-keys-secret.yaml
new file mode 100644
index 000000000..0df82f6ad
--- /dev/null
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/ssh-private-keys-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ssh-private-keys
+type: kubernetes.io/ssh-auth
+data:
+  ssh-privatekey: REPLACEMENT_SSH_PRIVATEKEY
+
diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/workers/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/workers/replacements/kustomization.yaml
index 287984ceb..afac84a46 100644
--- a/manifests/type/multi-tenant/sub-clusters/wordpress/workers/replacements/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/workers/replacements/kustomization.yaml
@@ -1,2 +1,3 @@
 resources:
   - ../../../../../sub-cluster/workers/replacements
+  
\ No newline at end of file