diff --git a/api/projects/keys.go b/api/projects/keys.go
index ebd16e401..151deb1c3 100644
--- a/api/projects/keys.go
+++ b/api/projects/keys.go
@@ -120,6 +120,7 @@ func (c *KeyController) AddKey(w http.ResponseWriter, r *http.Request) {
 		helpers.WriteError(w, err)
 		return
 	}
+	key.Plain = newKey.Plain
 
 	helpers.WriteJSON(w, http.StatusCreated, key)
 }
diff --git a/db/AccessKey.go b/db/AccessKey.go
index 88a572b1a..5c6ee1f0b 100644
--- a/db/AccessKey.go
+++ b/db/AccessKey.go
@@ -37,6 +37,7 @@ type AccessKey struct {
 	String         string        `db:"-" json:"string"`
 	LoginPassword  LoginPassword `db:"-" json:"login_password"`
 	SshKey         SshKey        `db:"-" json:"ssh"`
+	GenerateSSHKey bool          `db:"-" json:"generate_ssh_key,omitempty"`
 	OverrideSecret bool          `db:"-" json:"override_secret,omitempty"`
 
 	StorageID *int `db:"storage_id" json:"-" backup:"-"`
diff --git a/db/bolt/access_key.go b/db/bolt/access_key.go
index b77406050..a04efc93b 100644
--- a/db/bolt/access_key.go
+++ b/db/bolt/access_key.go
@@ -44,6 +44,7 @@ func (d *BoltDb) UpdateAccessKey(key db.AccessKey) error {
 			return err2
 		}
 		oldKey.Name = key.Name
+		//oldKey.Plain = key.Plain
 		key = oldKey
 	}
 
diff --git a/db/sql/access_key.go b/db/sql/access_key.go
index e965dbc5b..daca984de 100644
--- a/db/sql/access_key.go
+++ b/db/sql/access_key.go
@@ -67,9 +67,10 @@ func (d *SqlDb) UpdateAccessKey(key db.AccessKey) error {
 	args = append(args, key.Name)
 
 	if key.OverrideSecret {
-		query += ", type=?, secret=?"
+		query += ", type=?, secret=?, plain=?"
 		args = append(args, key.Type)
 		args = append(args, key.Secret)
+		args = append(args, key.Plain)
 	}
 
 	query += " where id=?"
@@ -96,16 +97,18 @@ func (d *SqlDb) CreateAccessKey(key db.AccessKey) (newKey db.AccessKey, err erro
 			"type, "+
 			"project_id, "+
 			"secret, "+
+			"plain, "+
 			"environment_id, "+
 			"owner, "+
 			"storage_id, "+
 			"source_storage_id, "+
 			"source_storage_key) "+
-			"values (?, ?, ?, ?, ?, ?, ?, ?, ?)",
+			"values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
 		key.Name,
 		key.Type,
 		key.ProjectID,
 		key.Secret,
+		key.Plain,
 		key.EnvironmentID,
 		key.Owner,
 		key.StorageID,
diff --git a/services/server/access_key_svc.go b/services/server/access_key_svc.go
index 2c1aaf895..f730c7a59 100644
--- a/services/server/access_key_svc.go
+++ b/services/server/access_key_svc.go
@@ -1,9 +1,13 @@
 package server
 
 import (
+	"bufio"
+	"bytes"
+	"encoding/json"
 	"errors"
 
 	"github.com/semaphoreui/semaphore/db"
+	"github.com/semaphoreui/semaphore/util"
 )
 
 type AccessKeyService interface {
@@ -61,7 +65,48 @@ func (s *AccessKeyServiceImpl) GetAll(projectID int, options db.GetAccessKeyOpti
 	return s.accessKeyRepo.GetAccessKeys(projectID, options, params)
 }
 
+func maybeGenerateSSHPrivateKey(key *db.AccessKey) error {
+	if !key.GenerateSSHKey || key.Type != db.AccessKeySSH {
+		key.Plain = nil
+		return nil
+	}
+
+	var b bytes.Buffer
+	privateKeyFile := bufio.NewWriter(&b)
+
+	publicKey, err := util.GeneratePrivateKey(privateKeyFile)
+	if err != nil {
+		return err
+	}
+
+	err = privateKeyFile.Flush()
+	if err != nil {
+		return err
+	}
+
+	key.SshKey.PrivateKey = b.String()
+
+	type sshPublicKey struct {
+		PublicKey string `json:"public_key"`
+	}
+
+	plainBytes, err := json.Marshal(sshPublicKey{
+		PublicKey: publicKey,
+	})
+	if err != nil {
+		return err
+	}
+
+	plain := string(plainBytes)
+	key.Plain = &plain
+	return nil
+}
+
 func (s *AccessKeyServiceImpl) Create(key db.AccessKey) (newKey db.AccessKey, err error) {
+	err = maybeGenerateSSHPrivateKey(&key)
+	if err != nil {
+		return
+	}
 
 	err = s.encryptionService.SerializeSecret(&key)
 	if err != nil && !errors.Is(err, ErrReadOnlyStorage) {
@@ -73,7 +118,13 @@ func (s *AccessKeyServiceImpl) Create(key db.AccessKey) (newKey db.AccessKey, er
 }
 
 func (s *AccessKeyServiceImpl) Update(key db.AccessKey) (err error) {
+
 	if key.OverrideSecret {
+		err = maybeGenerateSSHPrivateKey(&key)
+		if err != nil {
+			return
+		}
+
 		err = s.encryptionService.SerializeSecret(&key)
 		if errors.Is(err, ErrReadOnlyStorage) {
 			key.OverrideSecret = false
diff --git a/web/src/components/KeyForm.vue b/web/src/components/KeyForm.vue
index 500b34e27..09c05a4e3 100644
--- a/web/src/components/KeyForm.vue
+++ b/web/src/components/KeyForm.vue
@@ -109,15 +109,47 @@
       dense
     />
 
+    <v-checkbox
+      v-model="item.generate_ssh_key"
+      label="Generate SSH Key"
+      v-if="!isReadOnly && item.type === 'ssh'"
+      :disabled="formSaving || !canEditSecrets"
+    />
+
     <v-textarea
       outlined
       v-model="item.ssh.private_key"
       :label="$t('privateKey')"
-      :disabled="formSaving || !canEditSecrets"
-      :rules="[v => !canEditSecrets || !!v || $t('private_key_required')]"
+      :disabled="formSaving || !canEditSecrets || item.generate_ssh_key"
+      :rules="[v => !canEditSecrets || item.generate_ssh_key || !!v || $t('private_key_required')]"
       v-if="!isReadOnly && item.type === 'ssh'"
     />
 
+    <div
+      v-if="item.type === 'ssh' && !isNew && hasGeneratedPublicKey"
+      class="mb-4"
+    >
+<!--      <div>Public Key</div>-->
+      <div style="position: relative">
+        <pre
+          style="
+            overflow: auto;
+            background: gray;
+            color: white;
+            border-radius: 10px;
+            margin-top: 5px;
+          "
+          class="pa-2"
+          >{{ publicKey }}</pre
+        >
+
+        <CopyClipboardButton
+          style="position: absolute; right: 0; top: 0; transform: scale(0.9);"
+          :text="publicKey"
+        />
+      </div>
+    </div>
+
     <v-checkbox
         v-model="item.override_secret"
         :label="$t('override')"
@@ -136,8 +168,13 @@
 </template>
 <script>
 import ItemFormBase from '@/components/ItemFormBase';
+import CopyClipboardButton from '@/components/CopyClipboardButton.vue';
 
 export default {
+  components: {
+    CopyClipboardButton,
+  },
+
   mixins: [ItemFormBase],
 
   props: {
@@ -164,6 +201,21 @@ export default {
   },
 
   computed: {
+    hasGeneratedPublicKey() {
+      return this.publicKey !== '';
+    },
+
+    publicKey: {
+      get() {
+        try {
+          const plain = JSON.parse(this.item?.plain || '{}');
+          return plain.public_key || '';
+        } catch (e) {
+          return '';
+        }
+      },
+    },
+
     canEditSecrets() {
       return this.isNew || this.item.override_secret;
     },
@@ -195,6 +247,7 @@ export default {
       return {
         ssh: {},
         login_password: {},
+        generate_ssh_key: false,
       };
     },
 
diff --git a/web/src/views/project/Keys.vue b/web/src/views/project/Keys.vue
index ae50122d9..0b6ad891c 100644
--- a/web/src/views/project/Keys.vue
+++ b/web/src/views/project/Keys.vue
@@ -5,7 +5,7 @@
       :save-button-text="itemId === 'new' ? $t('create') : $t('save')"
       :title="`${itemId === 'new' ? $t('nnew') : $t('edit')} Key`"
       :max-width="450"
-      @save="loadItems()"
+      @save="loadItemsAndShowPublicKey($event)"
     >
       <template v-slot:form="{ onSave, onError, needSave, needReset }">
         <KeyForm
@@ -20,6 +20,37 @@
       </template>
     </EditDialog>
 
+    <EditDialog
+      :max-width="700"
+      v-model="createdPublicKeyDialog"
+      :save-button-text="null"
+      title="Generated SSH Public Key"
+      hide-buttons
+    >
+      <template v-slot:form="{}">
+        <div class="mb-4">
+          <div style="position: relative">
+            <pre
+              style="
+                overflow: auto;
+                background: gray;
+                color: white;
+                border-radius: 10px;
+                margin-top: 5px;
+              "
+              class="pa-2"
+              >{{ createdPublicKey }}</pre
+            >
+
+            <CopyClipboardButton
+              style="position: absolute; right: 10px; top: 10px"
+              :text="createdPublicKey"
+            />
+          </div>
+        </div>
+      </template>
+    </EditDialog>
+
     <ObjectRefsDialog
       object-title="access key"
       :object-refs="itemRefs"
@@ -89,9 +120,14 @@ import ItemListPageBase from '@/components/ItemListPageBase';
 import KeyForm from '@/components/KeyForm.vue';
 import PageMixin from '@/components/PageMixin';
 import KeyStoreMenu from '@/components/KeyStoreMenu.vue';
+import CopyClipboardButton from '@/components/CopyClipboardButton.vue';
 
 export default {
-  components: { KeyStoreMenu, KeyForm },
+  components: {
+    CopyClipboardButton,
+    KeyStoreMenu,
+    KeyForm,
+  },
 
   mixins: [ItemListPageBase, PageMixin],
 
@@ -105,7 +141,51 @@ export default {
     },
   },
 
+  data() {
+    return {
+      createdPublicKeyDialog: false,
+      createdPublicKey: '',
+    };
+  },
+
   methods: {
+    async loadItemsAndShowPublicKey(e) {
+      await this.loadItems();
+
+      const isGeneratedOnCreate = e && e.action === 'new';
+      const isGeneratedOnUpdate = e && e.action === 'edit' && e.item && e.item.generate_ssh_key;
+      if (!isGeneratedOnCreate && !isGeneratedOnUpdate) {
+        this.createdPublicKey = '';
+        return;
+      }
+
+      const itemId = e && e.item ? e.item.id : null;
+      const reloadedItem = itemId ? this.items.find((x) => x.id === itemId) : null;
+      const sourceItem = reloadedItem || (e || {}).item;
+      const publicKey = this.extractPublicKey(sourceItem);
+
+      if (!publicKey) {
+        this.createdPublicKey = '';
+        return;
+      }
+
+      this.createdPublicKey = publicKey;
+      this.createdPublicKeyDialog = true;
+    },
+
+    extractPublicKey(item) {
+      if (!item || !item.plain) {
+        return '';
+      }
+
+      try {
+        const plain = JSON.parse(item.plain);
+        return plain.public_key || '';
+      } catch (e) {
+        return '';
+      }
+    },
+
     getHeaders() {
       return [{
         text: this.$i18n.t('name'),