coder
diff --git a/‎coderd/provisionerdserver/provisionerdserver.go
+11 b/‎coderd/provisionerdserver/provisionerdserver.go
+11
diff --git a/‎coderd/provisionerdserver/provisionerdserver_test.go
+5 b/‎coderd/provisionerdserver/provisionerdserver_test.go
+5
diff --git a/‎provisioner/terraform/provision.go
+2 b/‎provisioner/terraform/provision.go
+2
diff --git a/‎provisioner/terraform/provision_test.go
+46 b/‎provisioner/terraform/provision_test.go
+46
@@ -467,6 +467,15 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 		if err != nil {
 			return nil, failJob(fmt.Sprintf("get owner: %s", err))
 		}
+		var ownerSSHPublicKey, ownerSSHPrivateKey string
+		if ownerSSHKey, err := s.Database.GetGitSSHKey(ctx, owner.ID); err != nil {
+			if !xerrors.Is(err, sql.ErrNoRows) {
+				return nil, failJob(fmt.Sprintf("get owner ssh key: %s", err))
+			}
+		} else {
+			ownerSSHPublicKey = ownerSSHKey.PublicKey
+			ownerSSHPrivateKey = ownerSSHKey.PrivateKey
+		}
 		ownerGroups, err := s.Database.GetGroupsByOrganizationAndUserID(ctx, database.GetGroupsByOrganizationAndUserIDParams{
 			UserID:         owner.ID,
 			OrganizationID: s.OrganizationID,
@@ -586,6 +595,8 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo
 					TemplateName:                  template.Name,
 					TemplateVersion:               templateVersion.Name,
 					WorkspaceOwnerSessionToken:    sessionToken,
+					WorkspaceOwnerSshPublicKey:    ownerSSHPublicKey,
+					WorkspaceOwnerSshPrivateKey:   ownerSSHPrivateKey,
 				},
 				LogLevel: input.LogLevel,
 			},
 
@@ -190,6 +190,9 @@ func TestAcquireJob(t *testing.T) {
 				Name:           "group1",
 				OrganizationID: pd.OrganizationID,
 			})
+			sshKey := dbgen.GitSSHKey(t, db, database.GitSSHKey{
+				UserID: user.ID,
+			})
 			err := db.InsertGroupMember(ctx, database.InsertGroupMemberParams{
 				UserID:  user.ID,
 				GroupID: group1.ID,
@@ -360,6 +363,8 @@ func TestAcquireJob(t *testing.T) {
 						TemplateName:                  template.Name,
 						TemplateVersion:               version.Name,
 						WorkspaceOwnerSessionToken:    sessionToken,
+						WorkspaceOwnerSshPublicKey:    sshKey.PublicKey,
+						WorkspaceOwnerSshPrivateKey:   sshKey.PrivateKey,
 					},
 				},
 			})
 
@@ -202,6 +202,8 @@ func provisionEnv(
 		"CODER_WORKSPACE_OWNER_NAME="+metadata.GetWorkspaceOwnerName(),
 		"CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN="+metadata.GetWorkspaceOwnerOidcAccessToken(),
 		"CODER_WORKSPACE_OWNER_GROUPS="+string(ownerGroups),
+		"CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY="+metadata.GetWorkspaceOwnerSshPublicKey(),
+		"CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY="+metadata.GetWorkspaceOwnerSshPrivateKey(),
 		"CODER_WORKSPACE_ID="+metadata.GetWorkspaceId(),
 		"CODER_WORKSPACE_OWNER_ID="+metadata.GetWorkspaceOwnerId(),
 		"CODER_WORKSPACE_OWNER_SESSION_TOKEN="+metadata.GetWorkspaceOwnerSessionToken(),
 
@@ -572,6 +572,52 @@ func TestProvision(t *testing.T) {
 				}},
 			},
 		},
+		{
+			Name: "ssh-key",
+			Files: map[string]string{
+				"main.tf": `terraform {
+					required_providers {
+					  coder = {
+						source  = "coder/coder"
+					  }
+					}
+				}
+
+				resource "null_resource" "example" {}
+				data "coder_workspace_owner" "me" {}
+				resource "coder_metadata" "example" {
+					resource_id = null_resource.example.id
+					item {
+						key = "pubkey"
+						value = data.coder_workspace_owner.me.ssh_public_key
+					}
+					item {
+						key = "privkey"
+						value = data.coder_workspace_owner.me.ssh_private_key
+					}
+				}
+				`,
+			},
+			Request: &proto.PlanRequest{
+				Metadata: &proto.Metadata{
+					WorkspaceOwnerSshPublicKey:  "fake public key",
+					WorkspaceOwnerSshPrivateKey: "fake private key",
+				},
+			},
+			Response: &proto.PlanComplete{
+				Resources: []*proto.Resource{{
+					Name: "example",
+					Type: "null_resource",
+					Metadata: []*proto.Resource_Metadata{{
+						Key:   "pubkey",
+						Value: "fake public key",
+					}, {
+						Key:   "privkey",
+						Value: "fake private key",
+					}},
+				}},
+			},
+		},
 	}
 
 	for _, testCase := range testCases {