diff --git a/infra/main.tf b/infra/main.tf
index 7a989dd..f8e2eb3 100644
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -1,3 +1,11 @@
+data "google_client_openid_userinfo" "me" {
+}
+
+resource "google_os_login_ssh_public_key" "default" {
+  user = data.google_client_openid_userinfo.me.email
+  key  = file("../ssh/gcp.pub")
+}
+
 resource "google_compute_instance" "kubenode1" {
   boot_disk {
     auto_delete = true
@@ -22,7 +30,12 @@ resource "google_compute_instance" "kubenode1" {
   }
 
   machine_type = "e2-medium"
-  name         = "kubenode1"
+
+  metadata = {
+    enable-oslogin = "true"
+  }
+
+  name = "kubenode1"
 
   network_interface {
     access_config {
@@ -78,7 +91,12 @@ resource "google_compute_instance" "kubenode2" {
   }
 
   machine_type = "e2-medium"
-  name         = "kubenode2"
+
+  metadata = {
+    enable-oslogin = "true"
+  }
+
+  name = "kubenode2"
 
   network_interface {
     access_config {
@@ -134,7 +152,12 @@ resource "google_compute_instance" "kubenode3" {
   }
 
   machine_type = "e2-medium"
-  name         = "kubenode3"
+
+  metadata = {
+    enable-oslogin = "true"
+  }
+
+  name = "kubenode3"
 
   network_interface {
     access_config {
diff --git a/infra/variables.tf b/infra/variables.tf
index 6b6e823..8506504 100644
--- a/infra/variables.tf
+++ b/infra/variables.tf
@@ -7,3 +7,5 @@ variable "gcp_region" {}
 variable "gcp_svc_email" {}
 
 variable "gcp_svc_scopes" {}
+
+variable "ssh_keys" {}