diff --git a/roles/remove-sshkey/README.rst b/roles/remove-sshkey/README.rst
new file mode 100644
index 000000000..c6d7418a3
--- /dev/null
+++ b/roles/remove-sshkey/README.rst
@@ -0,0 +1,16 @@
+Remove an added ssh key from the host.
+
+**Role Variables**
+
+.. zuul:rolevar:: ssh_key
+
+ Complex argument which contains the ssh key information. It is
+ expected that this argument comes from a `Secret`.
+
+ .. zuul:rolevar:: ssh_known_hosts
+
+ String containing known host signature for the remote host.
+
+ .. zuul:rolevar:: fqdn
+
+ The FQDN of the remote host.
diff --git a/roles/remove-sshkey/tasks/main.yaml b/roles/remove-sshkey/tasks/main.yaml
new file mode 100644
index 000000000..4c3f08124
--- /dev/null
+++ b/roles/remove-sshkey/tasks/main.yaml
@@ -0,0 +1,9 @@
+- name: Remove ssh key
+ command: "shred ~/.ssh/id_rsa"
+
+- name: remove host key information from known hosts
+ known_hosts:
+ name: "{{ ssh_key.fqdn }}"
+ key: "{{ ssh_key.ssh_known_hosts }}"
+ state: absent
+ when: ssh_key.ssh_known_hosts is defined and ssh_key.fqdn is defined
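Review bot: The "Remove ssh key" task in tasks/main.yaml runs `shred ~/.ssh/id_rsa` without `-u`, so the file is overwritten but never unlinked. A garbage `id_rsa` stays in `~/.ssh` after the role has run. Changing the line to `command: "shred -u ~/.ssh/id_rsa"` makes the task match its name. The task also has no guard for a missing key file, so a cleanup run fails if the file is already gone; `args: removes: ~/.ssh/id_rsa` would skip it in that case. A comment is also worth adding above the task, for example `# shred is best-effort: overwriting in place is not guaranteed on copy-on-write or journalling filesystems`, so readers do not take this step as proof that the secret is unrecoverable from the host.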