diff --git a/.gitignore b/.gitignore
index edeabaf..7c91e9c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -76,3 +76,4 @@ github/
 *.ovpn
 *.zip
+account-map/
diff --git a/src/README.md b/src/README.md
index 88431d8..526471c 100644
--- a/src/README.md
+++ b/src/README.md
@@ -205,4 +205,3 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="
 [](https://cpco.io/homepage?utm_source=github&utm_medium=readme&utm_campaign=cloudposse-terraform-components/aws-argocd-github-repo&utm_content=)
-
diff --git a/src/applicationset.tf b/src/applicationset.tf
index 21abbf9..f16f604 100644
--- a/src/applicationset.tf
+++ b/src/applicationset.tf
@@ -15,7 +15,7 @@ resource "github_repository_file" "application_set" {
     ignore-differences = each.value.ignore-differences
     name = module.this.namespace
     namespace = local.manifest_kubernetes_namespace
-    ssh_url = local.github_repository.ssh_clone_url
+    url = local.deploy_keys_enabled ? local.github_repository.ssh_clone_url : local.github_repository.http_clone_url
     notifications = local.github_notifications
     slack_notifications_channel = var.slack_notifications_channel
   })
diff --git a/src/main.tf b/src/main.tf
index 88be37c..63174df 100644
--- a/src/main.tf
+++ b/src/main.tf
@@ -1,5 +1,6 @@
 locals {
-  enabled = module.this.enabled
+  enabled = module.this.enabled
+  deploy_keys_enabled = local.enabled && var.deploy_keys_enabled
   environments = local.enabled ? {
     for env in var.environments :
@@ -118,14 +119,14 @@ resource "github_team_repository" "default" {
 }
 resource "tls_private_key" "default" {
-  for_each = local.environments
+  for_each = local.deploy_keys_enabled ? local.environments : {}
   algorithm = "RSA"
   rsa_bits = "2048"
 }
 resource "github_repository_deploy_key" "default" {
-  for_each = local.environments
+  for_each = local.deploy_keys_enabled ? local.environments : {}
   title = "Deploy key for ArgoCD environment: ${each.key} (${local.github_repository.default_branch} branch)"
   repository = local.github_repository.name
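Review bot: The new `url` attribute in `applicationset.tf` falls back to `local.github_repository.http_clone_url` when deploy keys are disabled, but nothing in this component wires the credential Argo CD then needs to read the repository over HTTPS, and the template consumes `${url}` for both the git generator and the application source. A comment next to the attribute would save the next maintainer a failed sync: `# When deploy keys are disabled Argo CD must already hold an HTTPS credential for this repository (e.g. a GitHub App repo-creds secret); this component does not create one.` The `github_repository_file` resource starts above the hunk and its body continues past it.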
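Review bot: Flipping `var.deploy_keys_enabled` to false on an existing deployment now sets `for_each` to `{}` on both `tls_private_key.default` and `github_repository_deploy_key.default` in `main.tf`, so Terraform destroys the keys (and, through `module.store_write`, presumably the SSM parameters) in the same apply that repoints the ApplicationSet at the HTTPS URL; if the alternative credential is not already in place, Argo CD loses access at that moment. Worth a comment on the first `for_each`: `# {} when deploy keys are disabled; this destroys existing keys, so the alternative Argo CD credential must exist before the flag is flipped.` Both resource bodies continue past the hunk.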
diff --git a/src/outputs.tf b/src/outputs.tf
index e737724..fcad1ad 100644
--- a/src/outputs.tf
+++ b/src/outputs.tf
@@ -1,6 +1,6 @@
 output "deploy_keys_ssm_paths" {
   description = "SSM Parameter Store paths for the repository's deploy keys"
-  value = module.store_write.names
+  value = local.deploy_keys_enabled ? module.store_write.names : []
 }
 output "deploy_keys_ssm_path_format" {
@@ -37,3 +37,8 @@ output "repository_ssh_clone_url" {
   description = "Repository SSH clone URL"
   value = local.enabled ? local.github_repository.ssh_clone_url : null
 }
+
+output "repository_http_clone_url" {
+  description = "Repository HTTP clone URL"
+  value = local.enabled ? local.github_repository.http_clone_url : null
+}
diff --git a/src/provider-github.tf b/src/provider-github.tf
index e701885..ec3910d 100644
--- a/src/provider-github.tf
+++ b/src/provider-github.tf
@@ -14,7 +14,7 @@ module "store_write" {
   source = "cloudposse/ssm-parameter-store/aws"
   version = "0.13.0"
-  parameter_write = [for k, v in local.environments :
+  parameter_write = local.deploy_keys_enabled ? [for k, v in local.environments :
     {
       name = format(var.ssm_github_deploy_key_format, k)
       value = tls_private_key.default[k].private_key_pem
@@ -22,7 +22,7 @@ module "store_write" {
       overwrite = true
       description = github_repository_deploy_key.default[k].title
     }
-  ]
+  ] : []
   context = module.this.context
 }
diff --git a/src/templates/applicationset.yaml.tpl b/src/templates/applicationset.yaml.tpl
index e44b750..609035d 100644
--- a/src/templates/applicationset.yaml.tpl
+++ b/src/templates/applicationset.yaml.tpl
@@ -37,7 +37,7 @@ metadata:
 spec:
   generators:
   - git:
-      repoURL: ${ssh_url}
+      repoURL: ${url}
       revision: HEAD
       files:
       - path: ${environment}/apps/*/*/config.yaml
@@ -63,7 +63,7 @@ spec:
     spec:
       project: ${name}
       source:
-        repoURL: ${ssh_url}
+        repoURL: ${url}
         targetRevision: HEAD
         path: '{{manifests}}'
       destination:
diff --git a/src/variables.tf b/src/variables.tf
index 080b80e..891b03c 100644
--- a/src/variables.tf
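Review bot: The new `repository_http_clone_url` output in `outputs.tf` describes itself as "HTTP", while the github provider's `http_clone_url` attribute is, to my knowledge, the `https://` clone URL; suggest `description = "Repository HTTPS clone URL (used by the ApplicationSet when deploy keys are disabled)"` so readers do not assume plaintext transport. In the file's first hunk, the guard `local.deploy_keys_enabled ? module.store_write.names : []` is probably redundant since `parameter_write` is already `[]` in that case, but it is harmless and makes the intent explicit.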
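Review bot: In `provider-github.tf` the `parameter_write` entries still carry `tls_private_key.default[k].private_key_pem`, and the one line between the two hunks (line 21, not shown) is where the parameter `type` would be set; confirm it is `SecureString` with an appropriate KMS key, because a plain `String` would expose each deploy key to any principal with `ssm:GetParameter` on that path. Independently of SSM, `tls_private_key` keeps the PEM in Terraform state, so the state backend needs the same level of protection. Wrapping the whole `for` expression in `[...] : []` is consistent with how `main.tf` gates the key resources, so no change is needed there.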
+++ b/src/variables.tf
@@ -209,3 +209,9 @@ variable "use_local_github_credentials" {
   description = "Use local GitHub credentials from environment variables instead of SSM"
   default = false
 }
+
+variable "deploy_keys_enabled" {
+  type = bool
+  description = "Enable GitHub deploy keys for the repository. These are used for Argo CD application syncing. Alternatively, you can use a GitHub App to access this desired state repository."
+  default = true
+}
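Review bot: The new `deploy_keys_enabled` description says a GitHub App can be used instead, but it does not say that the App credential must be configured in Argo CD outside this component, nor that disabling the flag removes the existing deploy keys and their SSM parameters; someone toggling it on a live environment would not expect an outage. Suggest: `description = "Enable GitHub deploy keys for the repository (used by Argo CD to sync applications). When false, the ApplicationSet uses the HTTPS clone URL and Argo CD must already have a repository credential such as a GitHub App; disabling this on an existing deployment removes the keys and their SSM parameters."`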