diff --git a/roles/head-prep/tasks/main.yml b/roles/head-prep/tasks/main.yml
index f495b22..c17ecbe 100644
--- a/roles/head-prep/tasks/main.yml
+++ b/roles/head-prep/tasks/main.yml
@@ -64,3 +64,20 @@
     dest={{ ansible_user_dir }}/.ansible.cfg
     owner={{ ansible_user_id }} mode=0644
 
+- name: Copy node key (MaaS)
+  copy:
+    src={{ maas_node_key }}
+    dest={{ ansible_user_dir }}/node_key
+    owner={{ ansible_user }}
+    mode=0600
+    remote_src=True
+  when: on_maas
+
+- name: Copy node key (without MaaS)
+  copy:
+    src={{ ansible_user_dir }}/.ssh/id_rsa
+    dest={{ ansible_user_dir }}/node_key
+    owner={{ ansible_user }}
+    mode=0600
+    remote_src=True
+  when: not on_maas
diff --git a/roles/onos-vm-install/templates/onos-setup-vars.yml.j2 b/roles/onos-vm-install/templates/onos-setup-vars.yml.j2
index 136e686..9e82c39 100644
--- a/roles/onos-vm-install/templates/onos-setup-vars.yml.j2
+++ b/roles/onos-vm-install/templates/onos-setup-vars.yml.j2
@@ -1,6 +1,2 @@
 ---
-{% if on_maas %}
-node_private_key: "{{ maas_node_key }}"
-{% else %}
-node_private_key: "~/.ssh/id_rsa"
-{% endif %}
+node_private_key: "{{ ansible_user_dir }}/node_key"
diff --git a/roles/xos-vm-install/files/xos-setup-cord-pod-playbook.yml b/roles/xos-vm-install/files/xos-setup-cord-pod-playbook.yml
index f2724cb..d258d54 100644
--- a/roles/xos-vm-install/files/xos-setup-cord-pod-playbook.yml
+++ b/roles/xos-vm-install/files/xos-setup-cord-pod-playbook.yml
@@ -44,10 +44,11 @@
        - id_rsa
        - id_rsa.pub
 
-    - name: copy over SSH key as node_key
+    - name: copy over node_key
       copy:
         src={{ node_private_key }}
         dest={{ service_profile_repo_dest }}/{{ xos_configuration }}/node_key
+        owner={{ ansible_user_id }} mode=0600
 
     - name: Download Glance VM images
       get_url:
diff --git a/roles/xos-vm-install/templates/xos-setup-vars.yml.j2 b/roles/xos-vm-install/templates/xos-setup-vars.yml.j2
index cb96393..de7838e 100644
--- a/roles/xos-vm-install/templates/xos-setup-vars.yml.j2
+++ b/roles/xos-vm-install/templates/xos-setup-vars.yml.j2
@@ -15,8 +15,4 @@
 service_profile_repo_dest: "{{ service_profile_repo_dest }}"
 service_profile_repo_branch: "{{ service_profile_repo_branch }}"
 
-{% if on_maas %}
-node_private_key: "{{ maas_node_key }}"
-{% else %}
-node_private_key: "~/.ssh/id_rsa"
-{% endif %}
+node_private_key: "{{ ansible_user_dir }}/node_key"