diff --git a/openstack_plugin/constants.py b/openstack_plugin/constants.py
index 222f00fd..795adbca 100644
--- a/openstack_plugin/constants.py
+++ b/openstack_plugin/constants.py
@@ -161,6 +161,7 @@
 KEY_USE_CFY_LOGGER = 'use_cfy_logger'
 KEY_GROUPS = 'groups'
 KEY_LOGGERS = 'loggers'
+PRIVATE_KEY_PREFIX = '-----BEGIN'
 
 DEFAULT_LOGGING_CONFIG = {
     KEY_USE_CFY_LOGGER: True,
diff --git a/openstack_plugin/resources/compute/server.py b/openstack_plugin/resources/compute/server.py
index 252c52c2..2f4764a7 100644
--- a/openstack_plugin/resources/compute/server.py
+++ b/openstack_plugin/resources/compute/server.py
@@ -86,7 +86,8 @@
                                         OPENSTACK_TYPE_PROPERTY,
                                         USE_EXTERNAL_RESOURCE_PROPERTY,
                                         SERVER_PUBLIC_IP_PROPERTY,
-                                        SERVER_IP_PROPERTY)
+                                        SERVER_IP_PROPERTY,
+                                        PRIVATE_KEY_PREFIX)
 
 from openstack_plugin.utils import \
     (handle_userdata,
@@ -1227,9 +1228,19 @@ def _get_server_private_key():
 
     # Try to get the private key from keypair instance
     private_key = \
-        rel_keyname.target.instance.runtime_properties.get('private_key')
+        rel_keyname.target.instance.runtime_properties.get('private_key') or \
+        rel_keyname.target.node.properties.get('private_key')
+    # if private_key is None, that means the KeyPair is external, so we need
+    # to check the "private_key" node property
     if not private_key:
         return None
+
+    if private_key.startswith(PRIVATE_KEY_PREFIX):
+        return private_key
+
+    with open(private_key) as _file:
+        private_key = _file.read()
+
     return private_key
 
 
diff --git a/plugin.yaml b/plugin.yaml
index 0ee7c424..1ee98465 100644
--- a/plugin.yaml
+++ b/plugin.yaml
@@ -1193,6 +1193,13 @@ node_types:
       <<: *external_resource
       <<: *create_if_missing
       <<: *client_config
+      private_key:
+        description: >
+          The private ssh key to use. It can be filename or content of the
+          private key. This is only relevant when Keypair is using
+          use_external_resource as True otherwise it will be ignored
+        required: false
+        type: string
       resource_config:
         type: cloudify.types.openstack.KeyPair
         description: https://developer.openstack.org/api-ref/compute/?expanded=create-or-import-keypair-detail