diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index c3cc7a33..9660e1ad 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -1,6 +1,5 @@
 {
   config,
-  pkgs,
   ...
 }:
 let
@@ -55,6 +54,9 @@ in
         CSRF_TRUSTED_ORIGINS = [ "https://${cfg.domain}" ];
         COMPRESS_OFFLINE = true;
         LIBSASS_OUTPUT_STYLE = "compressed";
+        ENV_VARS = {
+          ssh_private_key_file = config.age.secrets.panel-ssh-key.path;
+        };
       };
     secrets = {
       SECRET_KEY = config.age.secrets.panel-secret-key.path;
diff --git a/panel/src/panel/views.py b/panel/src/panel/views.py
index bab35088..a023aa29 100644
--- a/panel/src/panel/views.py
+++ b/panel/src/panel/views.py
@@ -146,7 +146,7 @@ class DeploymentStatus(ConfigurationForm):
         } | {
             # pass in form info to our deployment
             # FIXME: ensure sensitive info is protected
-            f"TF_VAR_{k}": v if isinstance(v, str) else json.dumps(v) for k, v in deployment_params.items()
+            f"TF_VAR_{k}": v if isinstance(v, str) else json.dumps(v) for k, v in (settings.ENV_VARS | deployment_params).items()
         }
         cwd = f"{settings.repo_dir}/launch"
         cmd = [