diff --git a/nova/core/roles/accounts/defaults/main.yml b/nova/core/roles/accounts/defaults/main.yml
index 5a1e36ea..09a9cf67 100644
--- a/nova/core/roles/accounts/defaults/main.yml
+++ b/nova/core/roles/accounts/defaults/main.yml
@@ -8,6 +8,7 @@ sudo_requires_password: true
 use_ssh_agent_for_sudo: false
 accounts_remove_stale: true # Compares the accounts list with the users on the system created by this role and removes any that are not in the accounts list
 fresh_deploy: false # Checks if the machine has just been created, required for setting correct connection parameters for AWS machines
+accounts_exclusive_ssh_key: true # If true, only the specified ssh key will be allowed for the account, otherwise the key will be appended to the authorized_keys file

 # The default lookup paths are Vault's KV v2 secret engine and a secrets name under that.
 pregenerated_password: "{{ lookup('community.hashi_vault.hashi_vault', vault_lookup_fragment + 'secret=' + secrets_vault_engine_path | default(environment_name) + '/data/' + secrets_vault_secrets_path | default(project_fullname) + ':' + inventory_hostname + '_' + item.username) }}"
diff --git a/nova/core/roles/accounts/tasks/unix_create.yml b/nova/core/roles/accounts/tasks/unix_create.yml
index f5d4d905..ec25e269 100644
--- a/nova/core/roles/accounts/tasks/unix_create.yml
+++ b/nova/core/roles/accounts/tasks/unix_create.yml
@@ -39,7 +39,7 @@
 user: "{{ item.username }}"
 state: present
 key: "{{ item.ssh_key }}"
- exclusive: "yes"
+ exclusive: "{{ item.ssh_key_exclusive | default(accounts_exclusive_ssh_key) }}"
 loop: "{{ local_accounts_list }}"
 loop_control:
 label: "{{ item.username }}"
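Review bot: The new `accounts_exclusive_ssh_key` default does not mention the per-account override `ssh_key_exclusive` that tasks/unix_create.yml now reads from each accounts-list item, so an operator reading defaults/main.yml has no way to discover it. The comment also understates the consequence of `false`: with the authorized_key module in non-exclusive mode, a key that is later removed or rotated out of `ssh_key` is left in place on the host, so stale keys accumulate until someone prunes them by hand. I would extend the inline comment to something like `# If true, only the specified ssh key is allowed for the account and any other keys are removed; if false the key is appended and previously deployed keys are never pruned. Can be overridden per account with ssh_key_exclusive`. Keeping the default at `true` preserves the previous `exclusive: "yes"` behaviour, which is the right choice.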
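Review bot: The `default(accounts_exclusive_ssh_key)` form is correct here and should stay exactly as written; adding the second argument (`default(..., true)`) would treat a per-account `ssh_key_exclusive: false` as "unset" and silently re-enable exclusive mode, so a short comment above the `exclusive:` line such as `# Per-account override; plain default() on purpose so an explicit false is honoured` would stop a future cleanup from breaking it. The quoted template renders to the string `True`/`False`, which the module's boolean parameter accepts, so that part is fine. The task's module and name lines lie above line 39 and are outside this hunk, so I could not confirm there is no second authorized_key task that still hard-codes `"yes"`.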