diff --git a/playbooks/maintenance.yaml b/playbooks/maintenance.yaml
index dd1027b..2c8b667 100644
--- a/playbooks/maintenance.yaml
+++ b/playbooks/maintenance.yaml
@@ -3,3 +3,8 @@
 hosts: all
 roles:
 - system_update
+
+- name: Ensure correct authorized_keys are deployed
+ hosts: all
+ roles:
+ - authorized_keys
diff --git a/playbooks/roles/authorized_keys/files/cit_authorized_keys b/playbooks/roles/authorized_keys/files/cit_authorized_keys
new file mode 100644
index 0000000..00b1603
--- /dev/null
+++ b/playbooks/roles/authorized_keys/files/cit_authorized_keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPH2H5bko/cRy5MGaHaKxQ1KT/f4m3RMS5Cy+qqSFdqh
diff --git a/playbooks/roles/authorized_keys/tasks/main.yaml b/playbooks/roles/authorized_keys/tasks/main.yaml
new file mode 100644
index 0000000..fbbf5e4
--- /dev/null
+++ b/playbooks/roles/authorized_keys/tasks/main.yaml
@@ -0,0 +1,6 @@
+- name: Deploy authorized keys for cit user
+ ansible.posix.authorized_key:
+ state: present
+ user: cit
+ exclusive: true
+ key: "{{ lookup('file', 'cit_authorized_keys') }}"
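Review bot: The added play in playbooks/maintenance.yaml targets `hosts: all` and sets no `become`, although the role it calls writes to the `cit` account's authorized_keys file. Whether privilege escalation is configured elsewhere cannot be seen here (the first play's header is outside the hunk), so if it is not, the task will fail wherever the connecting user is neither `cit` nor root; adding `become: true` to the play makes the requirement explicit. The module is also likely to fail on any inventory host that has no `cit` account, so a narrower group than `all`, or a comment stating that every host is expected to have that user, would help.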
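Review bot: The key line added in files/cit_authorized_keys has no comment field, so nothing in the repository records who or what holds the matching private key. Because the role deploys this file as the complete key list for `cit`, an unlabeled entry is hard to audit and hard to rotate later. Append an owner or purpose label after the key material, in the form `ssh-ed25519 <key> <owner-or-purpose>`. If the key is used only by automation, an option such as `from="<address-list>"` in front of the key type would narrow where it is accepted.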
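Review bot: `exclusive: true` in tasks/main.yaml makes files/cit_authorized_keys the complete key list for `cit`, so each run removes every key that is not in that file, including ones added by hand or by other provisioning. With a single key in the file, losing that private key leaves no key-based SSH path to `cit` on the targeted hosts. A second recovery key or another documented access route is worth having before this is rolled out. I would add a comment above the task, e.g. `# exclusive: removes any cit key not listed in files/cit_authorized_keys`, and confirm that the repository already declares the `ansible.posix` collection as a requirement.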