diff --git a/playbooks/inventory/group_vars/utility_all.yml b/playbooks/inventory/group_vars/utility_all.yml
index e84f00cd70..4f28b63a1a 100644
--- a/playbooks/inventory/group_vars/utility_all.yml
+++ b/playbooks/inventory/group_vars/utility_all.yml
@@ -14,3 +14,7 @@
 # limitations under the License.

 tempest_log_dir: /var/log/utility
+
+# Set this if ssh access from the utility container to all other hosts is
+# desired
+# utility_ssh_private_key: "{{ lookup('file', '/root/.ssh/id_rsa') }}"
diff --git a/playbooks/utility-install.yml b/playbooks/utility-install.yml
index a87e362a82..07ec74db3e 100644
--- a/playbooks/utility-install.yml
+++ b/playbooks/utility-install.yml
@@ -111,16 +111,15 @@
 with_items: utility_pip_packages
 tags:
 - utility-pip-packages
- - name: Grab private ssh key
- set_fact:
- private_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa') }}"
- - name: Drop in private ssh key
+ - name: Distribute private ssh key
 copy:
- content: "{{ private_ssh_key }}"
+ content: "{{ utility_ssh_private_key }}"
 dest: /root/.ssh/id_rsa
 mode: 0600
 owner: root
 group: root
+ when:
+ - utility_ssh_private_key is defined
 vars:
 galera_address: "{{ internal_lb_vip_address }}"
 utility_pip_packages:
diff --git a/releasenotes/notes/utility_container_ssh_key-44b1d15a1c06395e.yaml b/releasenotes/notes/utility_container_ssh_key-44b1d15a1c06395e.yaml
new file mode 100644
index 0000000000..4c4702247a
--- /dev/null
+++ b/releasenotes/notes/utility_container_ssh_key-44b1d15a1c06395e.yaml
@@ -0,0 +1,6 @@
+---
+upgrade:
+ - The ``utility-all.yml`` playbook will no longer distribute the deployment
+ host's root user's private ssh key to all utility containers. Deployers
+ who desire this behavior should set the ``utility_ssh_private_key``
+ variable.
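Review bot: The comment added above `utility_ssh_private_key` in playbooks/inventory/group_vars/utility_all.yml does not say which key the example value copies or what holding that key implies. The example lookup reads `/root/.ssh/id_rsa` on the deployment host, so enabling it as written places the deployment host's root private key in every utility container, and root in any one of those containers can then authenticate wherever that key is trusted. I would extend the comment to state this and to steer deployers toward a separate key, for example `# Prefer a key pair generated for the utility containers over the deployment host's root key.`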
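Review bot: The `when: utility_ssh_private_key is defined` guard on `Distribute private ssh key` in playbooks/utility-install.yml only stops new copies. Nothing visible in this hunk removes `/root/.ssh/id_rsa` from utility containers that received the key on earlier runs, so after an upgrade the deployment host's root key presumably stays in place there. The release note should tell deployers to remove or rotate that key, or the play could gain a cleanup step. Separately, the task passes key material through `content:`, which can surface in task output when the play runs with `--diff`; adding `no_log: true` to the task avoids that. A variable that is defined but empty would also write an empty key file, so `- utility_ssh_private_key | length > 0` is worth adding as a second condition; the task list itself starts and ends outside the hunk.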