diff --git a/.bin/generate-keys.sh b/.bin/generate-keys.sh
new file mode 100755
index 0000000..8b87f2e
--- /dev/null
+++ b/.bin/generate-keys.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -euo pipefail
+
+YAML_FILE="access.yml"
+USER="$1"
+
+# Extract user fields from YAML
+GIT_NAME=$(yq ".\"$USER\".name" "$YAML_FILE")
+GIT_EMAIL=$(yq ".\"$USER\".email" "$YAML_FILE")
+
+# Ensure fields are not empty
+if [[ -z "$GIT_NAME" || -z "$GIT_EMAIL" ]]; then
+  echo "❌ Error: User '$USER' not found or missing name/email in $YAML_FILE"
+  exit 1
+fi
+
+# Create output directory
+USER_DIR="keys/$USER"
+mkdir -p "$USER_DIR"
+
+# Generate SSH keypair if it doesn't exist
+KEYFILE="$USER_DIR/id_ed25519"
+
+if [[ -f "$KEYFILE" ]]; then
+  echo "🔑 SSH key already exists for $USER at $KEYFILE"
+else
+  ssh-keygen -t ed25519 -N "" -C "$GIT_EMAIL" -f "$KEYFILE"
+  echo "✅ SSH keypair generated at:"
+  echo "   🔐 Private: $KEYFILE"
+  echo "   🔓 Public : $KEYFILE.pub"
+fi