diff --git a/roles/saltmaster/account/init.sls b/roles/saltmaster/account/init.sls
--- a/roles/saltmaster/account/init.sls
+++ b/roles/saltmaster/account/init.sls
@@ -46,11 +46,29 @@
 - onchanges:
 - user: deploy_account
+# -------------------------------------------------------------
+# SSH key for deployment account
+#
+# This key should be added to:
+#
+# - zemke-rhyne account on devcentral
+# https://devcentral.nasqueron.org/settings/user/zemke-rhyne/page/ssh/
+#
+# - alken-orin account on GitHub
+# Credentials are stored in DevCentral passphrase application
+# -------------------------------------------------------------
+
+/opt/salt/security:
+ file.directory:
+ - user: deploy
+ - group: ops
+ - chmod: 770
+
 deploy_account_ssh_key:
 cmd.run:
- - name: ssh-keygen -t ed25519 -N "" -f /var/run/deploy/.ssh/id_ed25519
+ - name: ssh-keygen -t ed25519 -N "" -f /opt/salt/security/id_ed25519
 - runas: deploy
- - creates: /var/run/deploy/.ssh/id_ed25519
+ - creates: /opt/salt/security/id_ed25519
 # -------------------------------------------------------------
 # Sudo capabilities
diff --git a/roles/saltmaster/staging/init.sls b/roles/saltmaster/staging/init.sls
--- a/roles/saltmaster/staging/init.sls
+++ b/roles/saltmaster/staging/init.sls
@@ -33,6 +33,6 @@
 - name: ssh://vcs@devcentral.nasqueron.org:5022/source/private-staging.git
 - target: /opt/salt/private/staging
 - user: deploy
- - identity: /var/run/deploy/.ssh/id_ed25519
+ - identity: /opt/salt/security/id_ed25519
 - update_head: False
 - submodules: True
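Review bot: `- chmod: 770` in the new `/opt/salt/security` state (roles/saltmaster/account/init.sls) does not look like a `file.directory` argument; the state takes `dir_mode` (alias `mode`), so the directory that now holds the deploy private key would most likely be created with the default mode rather than 770. I would write it as `- dir_mode: 770`. Separately, group write on this directory lets any member of `ops` remove or replace `id_ed25519` even though ssh-keygen creates the key file as deploy-only, so `750` is the tighter choice if ops only needs to traverse it. The key path is also repeated as a literal in `name`, `creates` and the `identity` line of roles/saltmaster/staging/init.sls; a shared pillar or Jinja variable would keep the three from drifting apart.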