diff --git a/terraform/azure/azure-linux-vm/main.tf b/terraform/azure/azure-linux-vm/main.tf
index 90a5663..a35b44f 100644
--- a/terraform/azure/azure-linux-vm/main.tf
+++ b/terraform/azure/azure-linux-vm/main.tf
@@ -30,7 +30,7 @@ locals {
   subnet_id = module.vpc.public_subnet_id
   network_security_group_id = azurerm_network_security_group.tailscale_ingress.id
   instance_type = "Standard_D2as_v6"
-  admin_public_key_path = var.admin_public_key_path
+  admin_public_key = var.admin_public_key_path == "" ? tls_private_key.ssh[0].public_key_openssh : file(var.admin_public_key_path)
 }
 
 resource "azurerm_resource_group" "main" {
@@ -53,6 +53,11 @@ module "vpc" {
   subnet_name_private_dns_resolver = "dns-inbound"
 }
 
+resource "tls_private_key" "ssh" {
+  count = var.admin_public_key_path == "" ? 1 : 0
+  algorithm = "ED25519"
+}
+
 #
 # Tailscale instance resources
 #
@@ -87,10 +92,10 @@ module "tailscale_azure_linux_virtual_machine" {
   network_security_group_id = local.network_security_group_id
   public_ip_address_id = azurerm_public_ip.vm.id
 
-  machine_name = local.name
-  machine_size = local.instance_type
-  admin_public_key_path = local.admin_public_key_path
-  resource_tags = local.azure_tags
+  machine_name = local.name
+  machine_size = local.instance_type
+  admin_public_key = local.admin_public_key
+  resource_tags = local.azure_tags
 
   # Variables for Tailscale resources
   tailscale_hostname = local.name
diff --git a/terraform/azure/azure-linux-vm/outputs.tf b/terraform/azure/azure-linux-vm/outputs.tf
index 9a84535..97ad700 100644
--- a/terraform/azure/azure-linux-vm/outputs.tf
+++ b/terraform/azure/azure-linux-vm/outputs.tf
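Review bot: The `tls_private_key.ssh` resource added in the second hunk persists the generated private key unencrypted in Terraform state, so anyone with read access to the state backend holds the VM's admin SSH credential, and nothing in the commit records this trade-off. Suggest a comment on the resource, `# NOTE: the generated private key is stored in Terraform state - restrict state access, or set admin_public_key_path to keep key material out of state.` The same caveat applies to the `ssh_private_key_openssh` output added in outputs.tf, where `sensitive = true` only redacts CLI display and does not change what the state file contains.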
@@ -32,6 +32,11 @@ output "instance_id" {
   value = module.tailscale_azure_linux_virtual_machine.instance_id
 }
 
+output "ssh_private_key_openssh" {
+  value = var.admin_public_key_path == "" ? tls_private_key.ssh[0].private_key_openssh : null
+  sensitive = true
+}
+
 output "user_data_md5" {
   description = "MD5 hash of the VM user_data script - for detecting changes"
   value = module.tailscale_azure_linux_virtual_machine.user_data_md5
diff --git a/terraform/azure/azure-linux-vm/variables.tf b/terraform/azure/azure-linux-vm/variables.tf
index 8d7c73a..bc45d48 100644
--- a/terraform/azure/azure-linux-vm/variables.tf
+++ b/terraform/azure/azure-linux-vm/variables.tf
@@ -2,5 +2,7 @@
 # Variables for Azure resources
 #
 variable "admin_public_key_path" {
-  type = string
+  type = string
+  description = "Path to the SSH public key to assign to the virtual machine - if omitted, a key will be created"
+  default = ""
 }
diff --git a/terraform/azure/azure-linux-vm/versions.tf b/terraform/azure/azure-linux-vm/versions.tf
index d5e75c5..e2e3409 100644
--- a/terraform/azure/azure-linux-vm/versions.tf
+++ b/terraform/azure/azure-linux-vm/versions.tf
@@ -4,6 +4,10 @@ terraform {
       source = "hashicorp/azurerm"
       version = ">= 4.0, < 5.0"
     }
+    tls = {
+      source = "hashicorp/tls"
+      version = ">= 4.0, < 5.0"
+    }
     tailscale = {
       source = "tailscale/tailscale"
       version = ">= 0.24"
diff --git a/terraform/azure/internal-modules/azure-linux-vm/main.tf b/terraform/azure/internal-modules/azure-linux-vm/main.tf
index 98a2257..dfce3b5 100644
--- a/terraform/azure/internal-modules/azure-linux-vm/main.tf
+++ b/terraform/azure/internal-modules/azure-linux-vm/main.tf
@@ -43,7 +43,7 @@ resource "azurerm_linux_virtual_machine" "tailscale_instance" {
   admin_username = var.admin_username
   admin_ssh_key {
     username = var.admin_username
-    public_key = file(var.admin_public_key_path)
+    public_key = var.admin_public_key
   }
 
   os_disk {
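Review bot: The new `ssh_private_key_openssh` output has no `description`, unlike the neighbouring `user_data_md5` output, so a reader of `terraform output` cannot tell that it is null whenever a caller supplied their own key. Suggest adding `description = "OpenSSH private key generated when admin_public_key_path is empty - null when a caller-supplied key is used"` above `value`.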
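Review bot: In the variables.tf hunk, `admin_public_key_path` now defaults to `""`, but an explicit `null` from a tfvars file still passes through: it fails the `== ""` test in main.tf and reaches `file(null)`, which errors at plan time rather than generating a key. Adding `nullable = false` after `default = ""` makes Terraform substitute the default for null, so the "if omitted, a key will be created" wording in the new description holds for that case as well.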
diff --git a/terraform/azure/internal-modules/azure-linux-vm/variables.tf b/terraform/azure/internal-modules/azure-linux-vm/variables.tf
index 82652bb..456cbba 100644
--- a/terraform/azure/internal-modules/azure-linux-vm/variables.tf
+++ b/terraform/azure/internal-modules/azure-linux-vm/variables.tf
@@ -38,8 +38,8 @@ variable "admin_username" {
   type = string
   default = "ubuntu"
 }
-variable "admin_public_key_path" {
-  description = "The filepath of the SSH public key to assign to the virtual machine"
+variable "admin_public_key" {
+  description = "The SSH public key to assign to the virtual machine"
   type = string
 }
 variable "public_ip_address_id" {
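Review bot: The module now takes the public key as an opaque string, and the `file()` call it replaces in internal-modules main.tf was the only check that the caller had at least pointed at an existing file; an empty string or a path passed by mistake now flows straight into `admin_ssh_key.public_key` and only fails, if at all, at the Azure API. A `validation` block on `admin_public_key` that requires a single OpenSSH public-key line (hedged: the listed key types are the common ones, adjust to what the provider accepts) catches that at plan time with a clear message.
```hcl
variable "admin_public_key" {
  # … unchanged: description, type …

  validation {
    condition     = can(regex("^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp[0-9]+) ", var.admin_public_key))
    error_message = "admin_public_key must be the contents of an OpenSSH public key (e.g. 'ssh-ed25519 AAAA...'), not a file path."
  }
}
```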