diff --git a/src/garage/admin_rpc.rs b/src/garage/admin_rpc.rs
index 10087f74..df00fcaf 100644
--- a/src/garage/admin_rpc.rs
+++ b/src/garage/admin_rpc.rs
@@ -245,6 +245,17 @@ impl AdminRpcHandler {
 key.key_id
 )))
 }
+ KeyOperation::Import(query) => {
+ let prev_key = self.garage.key_table.get(&EmptyKey, &query.key_id)
+ .await?;
+ if prev_key.is_some() {
+ return Err(Error::Message(format!("Key {} already exists in data store. Even if it is deleted, we can't let you create a new key with the same ID. Sorry.", query.key_id)));
+ }
+ let imported_key = Key::import(&query.key_id, &query.secret_key, &query.name);
+ self.garage.key_table.insert(&imported_key).await?;
+ Ok(AdminRPC::KeyInfo(imported_key))
+
+ }
 }
 }
diff --git a/src/garage/cli.rs b/src/garage/cli.rs
index e74f59a2..21bafebd 100644
--- a/src/garage/cli.rs
+++ b/src/garage/cli.rs
@@ -194,6 +194,10 @@ pub enum KeyOperation {
 /// Delete key
 #[structopt(name = "delete")]
 Delete(KeyDeleteOpt),
+
+ /// Import key
+ #[structopt(name = "import")]
+ Import(KeyImportOpt),
 }
 #[derive(Serialize, Deserialize, StructOpt, Debug)]
@@ -228,6 +232,19 @@ pub struct KeyDeleteOpt {
 pub yes: bool,
 }
+#[derive(Serialize, Deserialize, StructOpt, Debug)]
+pub struct KeyImportOpt {
+ /// Access key ID
+ pub key_id: String,
+
+ /// Secret access key
+ pub secret_key: String,
+
+ /// Key name
+ #[structopt(short = "n", default_value = "Imported key")]
+ pub name: String,
+}
+
 #[derive(Serialize, Deserialize, StructOpt, Debug, Clone)]
 pub struct RepairOpt {
 /// Launch repair operation on all nodes
diff --git a/src/model/key_table.rs b/src/model/key_table.rs
index 02dcf68c..fcca3835 100644
--- a/src/model/key_table.rs
+++ b/src/model/key_table.rs
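Review bot: In src/garage/admin_rpc.rs the new `KeyOperation::Import` arm passes `query.key_id` and `query.secret_key` to `Key::import` exactly as typed, and `Key::import` (src/model/key_table.rs hunk) stores them with `to_string()`, so an empty or very short secret is accepted as a valid credential. A check before the `Key::import` call would stop that, e.g. `if query.key_id.is_empty() || query.secret_key.is_empty() { return Err(Error::Message("Key ID and secret key must not be empty".to_string())); }`; if generated keys have a fixed length and alphabet (not visible in this diff), the import path should enforce the same. Separately, the `get` followed by `insert` is not atomic, so two concurrent imports of the same ID could presumably both pass the existence check. The enclosing function starts outside the hunk.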
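Review bot: In src/garage/cli.rs, `KeyImportOpt` takes `secret_key` as a positional command-line argument, so the secret is recorded in shell history and is readable from the process list by other local users while the command runs. The struct also derives `Debug`, so any `{:?}` formatting of the parsed command or of the RPC message that carries it (whether that happens is not visible here) would print the secret in clear. Reading the secret from stdin or a file instead of argv would avoid the first exposure. Replacing the derived `Debug` with a redacting impl, as below, would avoid the second.

```rust
#[derive(Serialize, Deserialize, StructOpt)]
pub struct KeyImportOpt {
    // … unchanged: key_id, secret_key, name fields …
}

impl std::fmt::Debug for KeyImportOpt {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("KeyImportOpt")
            .field("key_id", &self.key_id)
            .field("secret_key", &"<redacted>")
            .field("name", &self.name)
            .finish()
    }
}
```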
@@ -34,6 +34,15 @@ impl Key {
 authorized_buckets: crdt::LWWMap::new(),
 }
 }
+ pub fn import(key_id: &str, secret_key: &str, name: &str) -> Self {
+ Self {
+ key_id: key_id.to_string(),
+ secret_key: secret_key.to_string(),
+ name: crdt::LWW::new(name.to_string()),
+ deleted: crdt::Bool::new(false),
+ authorized_buckets: crdt::LWWMap::new(),
+ }
+ }
 pub fn delete(key_id: String) -> Self {
 Self {
 key_id,
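Review bot: `Key::import` in src/model/key_table.rs is public but undocumented, and it relies on the caller having already checked that `key_id` is unused. It always builds an entry with `deleted` set to `false` and an empty `authorized_buckets` map. If called for an ID that already has an entry (live or deleted), the result would presumably be merged with the stored entry rather than rejected; how that merge resolves is not visible in this hunk. A doc comment would make the contract explicit, for example `/// Builds a key from externally supplied credentials. The caller must first check that no entry, including a deleted one, exists for key_id.` The `impl Key` block starts and ends outside the hunk.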