diff --git a/setup/db/create-index-fk.sql b/setup/db/create-index-fk.sql
index 28d5b0e8ad4..081e7e78c21 100755
--- a/setup/db/create-index-fk.sql
+++ b/setup/db/create-index-fk.sql
@@ -246,4 +246,7 @@ ALTER TABLE `cloud`.`instance_group` ADD CONSTRAINT `fk_instance_group__account_
 ALTER TABLE `cloud`.`instance_group_vm_map` ADD CONSTRAINT `fk_instance_group_vm_map___group_id` FOREIGN KEY `fk_instance_group_vm_map___group_id` (`group_id`) REFERENCES `instance_group` (`id`) ON DELETE CASCADE;
 ALTER TABLE `cloud`.`instance_group_vm_map` ADD CONSTRAINT `fk_instance_group_vm_map___instance_id` FOREIGN KEY `fk_instance_group_vm_map___instance_id` (`instance_id`) REFERENCES `user_vm` (`id`) ON DELETE CASCADE;
 
+ALTER TABLE `cloud`.`ssh_keypairs` ADD CONSTRAINT `fk_ssh_keypairs__account_id` FOREIGN KEY `fk_ssh_keypair__account_id` (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE;
+ALTER TABLE `cloud`.`ssh_keypairs` ADD CONSTRAINT `fk_ssh_keypairs__domain_id` FOREIGN KEY `fk_ssh_keypair__domain_id` (`domain_id`) REFERENCES `domain` (`id`) ON DELETE CASCADE;
+
 #ALTER TABLE `cloud`.`vlan` ADD CONSTRAINT `fk_vlan__network_id` FOREIGN KEY `fk_vlan__network_id` (`network_id`) REFERENCES `networks` (`id`) ON DELETE CASCADE;
diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql
index 6bf31db3609..e01037e4e89 100755
--- a/setup/db/create-schema.sql
+++ b/setup/db/create-schema.sql
@@ -91,6 +91,7 @@ DROP TABLE IF EXISTS `cloud`.`load_balancing_ip_map`;
 DROP TABLE IF EXISTS `cloud`.`load_balancing_rules`;
 DROP TABLE IF EXISTS `cloud`.`port_forwarding_rules`;
 DROP TABLE IF EXISTS `cloud`.`firewall_rules`;
+DROP TABLE IF EXISTS `cloud`.`ssh_keypairs`;
 DROP TABLE IF EXISTS `cloud`.`usage_event`;
 
 CREATE TABLE `cloud`.`op_it_work` (
@@ -743,6 +744,8 @@ CREATE TABLE `cloud`.`user_vm` (
   `external_mac_address` varchar(17)  COMMENT 'mac address within the external network',
   `external_vlan_db_id` bigint unsigned  COMMENT 'foreign key into vlan table',
   `user_data` varchar(2048),
+  `encrypted_password` varchar(1024) COMMENT 'vm password encrypted with the public key referenced in ssh_keypair',
+  `ssh_keypair_id` bigint unsigned COMMENT 'id of the ssh keypair used to access the vm and/or encrypt the password',
   PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
@@ -1277,6 +1280,16 @@ CREATE TABLE `cloud`.`instance_group_vm_map` (
   PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
+CREATE TABLE `cloud`.`ssh_keypairs` (
+  `id` bigint unsigned NOT NULL auto_increment COMMENT 'id',
+  `account_id` bigint unsigned NOT NULL COMMENT 'owner, foreign key to account table',
+  `domain_id` bigint unsigned NOT NULL COMMENT 'domain, foreign key to domain table',
+  `keypair_name` varchar(256) NOT NULL COMMENT 'name of the key pair',
+  `fingerprint` varchar(128) NOT NULL COMMENT 'fingerprint for the ssh public key',
+  `public_key` varchar(5120) NOT NULL COMMENT 'public key of the ssh key pair',
+  PRIMARY KEY  (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
 CREATE TABLE  `cloud`.`usage_event` (
   `id` bigint unsigned NOT NULL auto_increment,
   `type` varchar(32) NOT NULL,