diff --git a/deployment/modules/aws/insecuretlskey/README.md b/deployment/modules/aws/insecuretlskey/README.md
new file mode 100644
index 00000000..71ec8b26
--- /dev/null
+++ b/deployment/modules/aws/insecuretlskey/README.md
@@ -0,0 +1,3 @@
+# [WARNING]
+# This module will store unencrypted private keys in the Terraform state file.
+# DO NOT use this for production logs.
diff --git a/deployment/modules/aws/insecuretlskey/main.tf b/deployment/modules/aws/insecuretlskey/main.tf
new file mode 100644
index 00000000..d84f23fd
--- /dev/null
+++ b/deployment/modules/aws/insecuretlskey/main.tf
@@ -0,0 +1,21 @@
+terraform {
+ required_providers {
+ tls = {
+ source = "hashicorp/tls"
+ version = "4.0.6"
+ }
+ }
+}
+
+# ECDSA key with P256 elliptic curve. Do NOT use this in production environment.
+#
+# Security Notice
+# The private key generated by this resource will be stored unencrypted in your
+# Terraform state file. Use of this resource for production deployments is not
+# recommended.
+#
+# See https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key.
+resource "tls_private_key" "ecdsa_p256" {
+ algorithm = "ECDSA"
+ ecdsa_curve = "P256"
+}
diff --git a/deployment/modules/aws/insecuretlskey/outputs.tf b/deployment/modules/aws/insecuretlskey/outputs.tf
new file mode 100644
index 00000000..dccf986b
--- /dev/null
+++ b/deployment/modules/aws/insecuretlskey/outputs.tf
@@ -0,0 +1,9 @@
+output "tls_private_key_ecdsa_p256_public_key_pem" {
+ value = tls_private_key.ecdsa_p256.public_key_pem
+ sensitive = true
+}
+
+output "tls_private_key_ecdsa_p256_private_key_pem" {
+ value = tls_private_key.ecdsa_p256.private_key_pem
+ sensitive = true
+}
diff --git a/deployment/modules/aws/secretsmanager/main.tf b/deployment/modules/aws/secretsmanager/main.tf
index 50a7b79a..02e4557e 100644
--- a/deployment/modules/aws/secretsmanager/main.tf
+++ b/deployment/modules/aws/secretsmanager/main.tf
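Review bot: The `required_providers` block pins `version = "4.0.6"` exactly, which in a child module forces every root that also constrains `hashicorp/tls` to agree on that one release and turns each provider upgrade into a coordinated change across roots; the usual form for a module is a pessimistic constraint such as `version = "~> 4.0"`, with the exact release held in the root's lock file. The security notice above `tls_private_key.ecdsa_p256` is good, but it says nothing about how the key is replaced, which matters for a key that lives in state; I would add one line to that comment, e.g. `# Rotation: taint/replace this resource; prior state versions or backups may still hold the old key.`.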
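Review bot: Both outputs in outputs.tf lack a `description`, and the public-key output is marked `sensitive = true` although a public key is not secret; redacting it from `terraform output` and plan output makes it harder to confirm which key a test deployment is actually serving. If hiding it is deliberate (for symmetry with the private-key output, say), a comment stating that would help; otherwise I would drop `sensitive` from `tls_private_key_ecdsa_p256_public_key_pem`. Either way I would add `description = "PEM-encoded public key of the generated ECDSA P-256 key."` and `description = "PEM-encoded private key of the generated ECDSA P-256 key; held unencrypted in Terraform state."` to the two outputs.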
@@ -13,20 +13,6 @@ provider "aws" {
 }
 # Secrets Manager
-
-# ECDSA key with P256 elliptic curve. Do NOT use this in production environment.
-#
-# Security Notice
-# The private key generated by this resource will be stored unencrypted in your
-# Terraform state file. Use of this resource for production deployments is not
-# recommended.
-#
-# See https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key.
-resource "tls_private_key" "sctfe_ecdsa_p256" {
- algorithm = "ECDSA"
- ecdsa_curve = "P256"
-}
-
 resource "aws_secretsmanager_secret" "sctfe_ecdsa_p256_public_key" {
 name = "${var.base_name}-ecdsa-p256-public-key"
@@ -36,8 +22,8 @@ resource "aws_secretsmanager_secret" "sctfe_ecdsa_p256_public_key" {
 }
 resource "aws_secretsmanager_secret_version" "sctfe_ecdsa_p256_public_key" {
- secret_id = aws_secretsmanager_secret.sctfe_ecdsa_p256_public_key.id
- secret_string = tls_private_key.sctfe_ecdsa_p256.public_key_pem
+ secret_id = aws_secretsmanager_secret.sctfe_ecdsa_p256_public_key.id
+ secret_string = var.tls_private_key_ecdsa_p256_public_key_pem
 }
 resource "aws_secretsmanager_secret" "sctfe_ecdsa_p256_private_key" {
@@ -49,6 +35,6 @@ resource "aws_secretsmanager_secret" "sctfe_ecdsa_p256_private_key" {
 }
 resource "aws_secretsmanager_secret_version" "sctfe_ecdsa_p256_private_key" {
- secret_id = aws_secretsmanager_secret.sctfe_ecdsa_p256_private_key.id
- secret_string = tls_private_key.sctfe_ecdsa_p256.private_key_pem
+ secret_id = aws_secretsmanager_secret.sctfe_ecdsa_p256_private_key.id
+ secret_string = var.tls_private_key_ecdsa_p256_private_key_pem
 }
diff --git a/deployment/modules/aws/secretsmanager/variables.tf b/deployment/modules/aws/secretsmanager/variables.tf
index 8dc3538d..cad751fe 100644
--- a/deployment/modules/aws/secretsmanager/variables.tf
+++ b/deployment/modules/aws/secretsmanager/variables.tf
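Review bot: Nothing in the `# Secrets Manager` section now says where `var.tls_private_key_ecdsa_p256_private_key_pem` is expected to come from, and the warning text moved to the insecuretlskey module suggests that state exposure is confined to that module; as far as I recall, `aws_secretsmanager_secret_version` records `secret_string` in state as well, so any root using this module holds the private key in its state regardless of how the key was generated, and state-backend encryption and access control apply to every root. I would add a comment above the first secret resource, e.g. `# Key material is supplied by the caller (test roots wire in the insecuretlskey module). The secret_string values below are also kept in this root's Terraform state, so protect the state backend accordingly.`, which covers both secret-version hunks in this file. The first hunk opens inside the closing of the `provider "aws"` block, whose start is outside the hunk.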
@@ -7,3 +7,15 @@ variable "region" {
 description = "Region in which to create resources"
 type = string
 }
+
+variable "tls_private_key_ecdsa_p256_public_key_pem" {
+ description = "Public ECDSA key with P256 elliptic curve in PEM format."
+ type = string
+ sensitive = true
+}
+
+variable "tls_private_key_ecdsa_p256_private_key_pem" {
+ description = "Private ECDSA key with P256 elliptic curve in PEM format."
+ type = string
+ sensitive = true
+}
diff --git a/deployment/modules/aws/tesseract/test/main.tf b/deployment/modules/aws/tesseract/test/main.tf
index 7097200b..a479898a 100644
--- a/deployment/modules/aws/tesseract/test/main.tf
+++ b/deployment/modules/aws/tesseract/test/main.tf
@@ -14,6 +14,15 @@ module "storage" {
 module "secretsmanager" {
 source = "../../secretsmanager"
- base_name = var.base_name
- region = var.region
+ base_name = var.base_name
+ region = var.region
+ tls_private_key_ecdsa_p256_public_key_pem = module.insecuretlskey.tls_private_key_ecdsa_p256_public_key_pem
+ tls_private_key_ecdsa_p256_private_key_pem = module.insecuretlskey.tls_private_key_ecdsa_p256_private_key_pem
+}
+
+# [WARNING]
+# This module will store unencrypted private keys in the Terraform state file.
+# DO NOT use this for production logs.
+module "insecuretlskey" {
+ source = "../../insecuretlskey"
 }
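Review bot: The two new variables in variables.tf accept any string, so a caller that swaps the public and private PEM values, or passes an empty string, is only caught when the secret is consumed rather than at plan time; since both values are `sensitive`, the mistake is also invisible in plan output. A `validation` block that checks the PEM header on each variable (assuming the roots run a Terraform version that supports it) would fail fast with a readable message. The private-key variable would become the following, and the public-key variable gets the matching check against `-----BEGIN PUBLIC KEY-----`.
```hcl
variable "tls_private_key_ecdsa_p256_private_key_pem" {
  # … unchanged: description, type, sensitive …

  validation {
    condition     = can(regex("^-----BEGIN (EC )?PRIVATE KEY-----", var.tls_private_key_ecdsa_p256_private_key_pem))
    error_message = "Expected a PEM-encoded private key (-----BEGIN [EC ]PRIVATE KEY-----)."
  }
}
```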
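Review bot: In tesseract/test/main.tf the `module "insecuretlskey"` block is declared after the `module "secretsmanager"` block that consumes its outputs; Terraform does not care about order, but a reader following the key from producer to consumer does, so I would move the insecuretlskey block (with its warning comment) above `module "secretsmanager"`. The warning comment repeats the module's README word for word, which is fine for a test root, though a short pointer to what non-test roots are expected to use instead, e.g. `# Non-test roots must supply the key from outside Terraform.`, would make the "DO NOT use this for production logs" line actionable. The closing `}` of the `module "storage"` block referenced in the hunk header lies outside the hunk.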