diff --git a/ansible/def.ansible.mk b/ansible/def.ansible.mk
index 8db6be1..6db8c38 100644
--- a/ansible/def.ansible.mk
+++ b/ansible/def.ansible.mk
@@ -10,17 +10,17 @@ ANSIBLE_DOCKER_IMAGE_TAG ?= $(DOCKER_IMAGE_TAG)
 ANSIBLE_DOCKER_REGISTRY ?= $(DOCKER_REGISTRY)
 ANSIBLE_EXTRA_VARS ?= target=localhost
 ANSIBLE_GIT_DIRECTORY ?= /src/$(subst git@,,$(subst ssh://,,$(GIT_REPOSITORY)))
-ANSIBLE_GIT_KEY_FILE ?= ~$(ANSIBLE_USERNAME)/.ssh/$(notdir $(ANSIBLE_SSH_PRIVATE_KEY))
+ANSIBLE_GIT_KEY_FILE ?= $(if $(ANSIBLE_SSH_PRIVATE_KEYS),~$(ANSIBLE_USERNAME)/.ssh/$(notdir $(firstword $(ANSIBLE_SSH_PRIVATE_KEYS))))
 ANSIBLE_GIT_REPOSITORY ?= $(GIT_REPOSITORY)
 ANSIBLE_GIT_VERSION ?= $(BRANCH)
 ANSIBLE_INVENTORY ?= ansible/inventories
 ANSIBLE_PLAYBOOK ?= ansible/playbook.yml
-ANSIBLE_SSH_PRIVATE_KEY ?= ~/.ssh/id_rsa
+ANSIBLE_SSH_PRIVATE_KEYS ?= $(SSH_PRIVATE_KEYS)
 ANSIBLE_SERVER_NAME ?= $(SERVER_NAME)
 ANSIBLE_USERNAME ?= root
 ANSIBLE_VERBOSE ?= -v
 CMDS += ansible ansible-playbook
-ENV_VARS += ANSIBLE_AWS_ACCESS_KEY_ID ANSIBLE_AWS_DEFAULT_OUTPUT ANSIBLE_AWS_DEFAULT_REGION ANSIBLE_AWS_SECRET_ACCESS_KEY ANSIBLE_CONFIG ANSIBLE_DISKS_NFS_DISK ANSIBLE_DISKS_NFS_OPTIONS ANSIBLE_DISKS_NFS_PATH ANSIBLE_DOCKER_IMAGE_TAG ANSIBLE_DOCKER_REGISTRY ANSIBLE_EXTRA_VARS ANSIBLE_GIT_DIRECTORY ANSIBLE_GIT_KEY_FILE ANSIBLE_GIT_REPOSITORY ANSIBLE_GIT_VERSION ANSIBLE_INVENTORY ANSIBLE_PLAYBOOK ANSIBLE_SSH_PRIVATE_KEY ANSIBLE_USERNAME ANSIBLE_VERBOSE
+ENV_VARS += ANSIBLE_AWS_ACCESS_KEY_ID ANSIBLE_AWS_DEFAULT_OUTPUT ANSIBLE_AWS_DEFAULT_REGION ANSIBLE_AWS_SECRET_ACCESS_KEY ANSIBLE_CONFIG ANSIBLE_DISKS_NFS_DISK ANSIBLE_DISKS_NFS_OPTIONS ANSIBLE_DISKS_NFS_PATH ANSIBLE_DOCKER_IMAGE_TAG ANSIBLE_DOCKER_REGISTRY ANSIBLE_EXTRA_VARS ANSIBLE_GIT_DIRECTORY ANSIBLE_GIT_KEY_FILE ANSIBLE_GIT_REPOSITORY ANSIBLE_GIT_VERSION ANSIBLE_INVENTORY ANSIBLE_PLAYBOOK ANSIBLE_SSH_PRIVATE_KEYS ANSIBLE_USERNAME ANSIBLE_VERBOSE
 ifeq ($(DEBUG), true)
 ANSIBLE_VERBOSE := -vvvv
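Review bot: In ansible/def.ansible.mk, `ANSIBLE_SSH_PRIVATE_KEYS ?= $(SSH_PRIVATE_KEYS)` replaces the old `~/.ssh/id_rsa` default with a variable that is not defined in this hunk, so the list is either empty or every key path the operator keeps in the generic `SSH_PRIVATE_KEYS`. If those files are installed on the provisioned host, as the `~$(ANSIBLE_USERNAME)/.ssh/` path in `ANSIBLE_GIT_KEY_FILE` suggests, this widens which private keys leave the workstation; a comment above the assignment such as `# space-separated paths of dedicated deploy keys; the first one is used as the git key` would make the contract explicit. An existing `ANSIBLE_SSH_PRIVATE_KEY` override is now silently ignored, and `ANSIBLE_SSH_PRIVATE_KEYS ?= $(or $(ANSIBLE_SSH_PRIVATE_KEY),$(SSH_PRIVATE_KEYS))` would keep it working. `ANSIBLE_GIT_KEY_FILE` can now expand to an empty string, so its consumers (outside this hunk) have to tolerate a missing key file.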
diff --git a/ansible/inventories/host_vars/default b/ansible/inventories/host_vars/default
index b882336..a58b287 100644
--- a/ansible/inventories/host_vars/default
+++ b/ansible/inventories/host_vars/default
@@ -28,8 +28,7 @@ hosts_packages:
 - { "name": "util-linux", "state": "present" }
 - { "name": "vim", "state": "present" }
 - { "name": "zsh", "state": "present" }
-hosts_ssh_private_keys:
-- "{{ lookup('env','ANSIBLE_SSH_PRIVATE_KEY') or '~/.ssh/id_rsa' }}"
+hosts_ssh_private_keys: "{{ lookup('env','ANSIBLE_SSH_PRIVATE_KEYS').split(' ').default([]) }}"
 hosts_ssh_users:
 - aya
 hosts_user_env:
diff --git a/docker/ansible/Dockerfile b/docker/ansible/Dockerfile
index 1ccd724..c021aaf 100644
--- a/docker/ansible/Dockerfile
+++ b/docker/ansible/Dockerfile
@@ -2,7 +2,8 @@ FROM alpine:latest as dist
 ARG DOCKER_BUILD_DIR
 RUN apk --no-cache add \
- ansible
+ ansible \
+ py3-pip
 RUN pip3 install boto
diff --git a/packer/def.packer.mk b/packer/def.packer.mk
index 428d062..e15a0d5 100644
--- a/packer/def.packer.mk
+++ b/packer/def.packer.mk
@@ -74,7 +74,7 @@ ifeq ($(DOCKER), true)
 # packer ansible provisionner needs:
 ## empty local ssh agent (ssh-add -D)
-## ANSIBLE_SSH_PRIVATE_KEY set to a key giving access to ANSIBLE_GIT_REPOSITORY without password
+## ANSIBLE_SSH_PRIVATE_KEYS set to a key giving access to ANSIBLE_GIT_REPOSITORY without password
 ## ANSIBLE_AWS_ACCESS_KEY_ID and ANSIBLE_AWS_SECRET_ACCESS_KEY
 define packer
 $(call run,$(DOCKER_RUN_OPTIONS_PACKER) $(DOCKER_SSH_AUTH) -p $(PACKER_SSH_PORT):$(PACKER_SSH_PORT) -p $(PACKER_VNC_PORT):$(PACKER_VNC_PORT) $(DOCKER_REPOSITORY)/packer:$(DOCKER_IMAGE_TAG) $(1))
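Review bot: In ansible/inventories/host_vars/default, the new `hosts_ssh_private_keys` expression calls `.default([])` as a method on the list returned by `.split(' ')`, but `default` is a Jinja2 filter and not a list method, so templating this value is expected to fail. Even with that call removed, `''.split(' ')` yields `['']`, so an unset `ANSIBLE_SSH_PRIVATE_KEYS` produces one empty key path instead of an empty list. `hosts_ssh_private_keys: "{{ lookup('env','ANSIBLE_SSH_PRIVATE_KEYS').split() }}"` returns `[]` for an empty value and also tolerates repeated spaces.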
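Review bot: In docker/ansible/Dockerfile, the added `py3-pip` only serves the `RUN pip3 install boto` context line, which pulls an unpinned package from PyPI on top of an unpinned `alpine:latest` base, so two builds of the same commit can put different code into an image that is handed AWS credentials (see `ENV_VARS` in ansible/def.ansible.mk). Pin the dependency and skip the cache, e.g. `RUN pip3 install --no-cache-dir boto==<PINNED_VERSION>`, and consider pinning the base image tag as well. Recent Alpine releases may refuse a system-wide `pip3 install` unless a virtual environment is used, which is worth checking against the image actually pulled.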
@@ -117,7 +117,7 @@ define packer-build
 echo 'nfs_path: $(ANSIBLE_DISKS_NFS_PATH)' >> $(PACKER_ISO_INFO)
 echo 'pass: $(password)' >> $(PACKER_ISO_INFO)
 echo 'size: $(iso_size)' >> $(PACKER_ISO_INFO)
- echo 'ssh_key: $(ANSIBLE_SSH_PRIVATE_KEY)' >> $(PACKER_ISO_INFO)
+ echo 'ssh_key: $(ANSIBLE_SSH_PRIVATE_KEYS)' >> $(PACKER_ISO_INFO)
 echo 'user: $(username)' >> $(PACKER_ISO_INFO)
 endef
diff --git a/terraform/def.terraform.mk b/terraform/def.terraform.mk
index a694ccd..5648cd0 100644
--- a/terraform/def.terraform.mk
+++ b/terraform/def.terraform.mk
@@ -2,12 +2,8 @@ CMDS += terraform
 ifeq ($(DOCKER), true)
-# packer ansible provisionner needs:
-## empty local ssh agent (ssh-add -D)
-## ANSIBLE_SSH_PRIVATE_KEY set to a key giving access to ANSIBLE_GIT_REPOSITORY without password
-## ANSIBLE_AWS_ACCESS_KEY_ID and ANSIBLE_AWS_SECRET_ACCESS_KEY
 define terraform
-$(call run,hashicorp/terraform:light $(1))
+ $(call run,hashicorp/terraform:light $(1))
 endef
 else
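Review bot: In `packer-build` (packer/def.packer.mk), the `ssh_key:` field now receives the whole space-separated `ANSIBLE_SSH_PRIVATE_KEYS` list, so any reader of `$(PACKER_ISO_INFO)` that expects one path gets several as soon as more than one key is configured. Either record the key that is actually used, `echo 'ssh_key: $(firstword $(ANSIBLE_SSH_PRIVATE_KEYS))' >> $(PACKER_ISO_INFO)`, or rename the field to `ssh_keys:`. The same file receives `pass: $(password)` on a context line above, so a comment stating that the info file holds a credential and must not be world-readable or committed would help. The `define` starts before this hunk.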