diff --git a/terraform/account/keys.tf b/terraform/account/keys.tf
index 701f3ebbc1..a821264bf4 100644
--- a/terraform/account/keys.tf
+++ b/terraform/account/keys.tf
@@ -1,4 +1,9 @@
 resource "tls_private_key" "onelogin_auth_pk" {
 algorithm = "RSA"
 rsa_bits = 2048
+}
+
+resource "tls_private_key" "lpa_data_store_pk" {
+ algorithm = "RSA"
+ rsa_bits = 2048
 }
\ No newline at end of file
diff --git a/terraform/account/secretsmanager.tf b/terraform/account/secretsmanager.tf
index f68eb9d639..4fbe0e74fd 100644
--- a/terraform/account/secretsmanager.tf
+++ b/terraform/account/secretsmanager.tf
@@ -49,6 +49,35 @@ resource "aws_secretsmanager_secret_version" "gov_uk_onelogin_client_id" {
 }
 }
 
+resource "aws_secretsmanager_secret" "lpa_data_store_private_key" {
+ name = "lpa-data-store-private-key"
+ kms_key_id = module.secrets_manager_mrk.key_id
+
+ replica {
+ kms_key_id = module.secrets_manager_mrk.key_id
+ region = "eu-west-2"
+ }
+}
+
+resource "aws_secretsmanager_secret" "lpa_data_store_public_key" {
+ name = "lpa-data-store-public-key"
+ kms_key_id = module.secrets_manager_mrk.key_id
+
+ replica {
+ kms_key_id = module.secrets_manager_mrk.key_id
+ region = "eu-west-2"
+ }
+}
+
+resource "aws_secretsmanager_secret_version" "lpa_data_store_private_key" {
+ secret_id = aws_secretsmanager_secret.lpa_data_store_private_key.id
+ secret_string = tls_private_key.lpa_data_store_pk.private_key_pem
+}
+
+resource "aws_secretsmanager_secret_version" "lpa_data_store_public_key" {
+ secret_id = aws_secretsmanager_secret.lpa_data_store_public_key.id
+ secret_string = trimspace(tls_private_key.lpa_data_store_pk.public_key_pem)
+}
 
 resource "aws_secretsmanager_secret" "notify_api_key" {
 name = "notify-api-key"
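Review bot: The private key generated by the new `tls_private_key.lpa_data_store_pk` resource is persisted in plaintext in Terraform state, as the tls provider does for every key it generates, and the `aws_secretsmanager_secret_version.lpa_data_store_private_key` in the secretsmanager.tf hunk copies the same material into state a second time via its `secret_string`; nothing in the commit records this. The state backend's encryption and access controls are therefore the real boundary for this key, which a maintainer reading only these resources will not see. A short comment on the resource would make both the exposure and the rotation path explicit, e.g. `# Key material is held in Terraform state (and mirrored into Secrets Manager); rotate by replacing this resource, which also rolls the dependent secret versions.` The same note applies to the existing `onelogin_auth_pk` resource above it, which sits in the hunk's context lines.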
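Review bot: The two new secret versions are asymmetric — `lpa_data_store_public_key` stores `trimspace(tls_private_key.lpa_data_store_pk.public_key_pem)` while `lpa_data_store_private_key` stores `private_key_pem` untrimmed — so the two secret strings will differ in whether they carry a trailing newline, and a consumer that compares or concatenates them may be tripped up. If the difference is deliberate (for instance a reader that expects the private key PEM exactly as emitted), a one-line comment on each `secret_string` line saying so would stop the next maintainer from "fixing" it; otherwise applying `trimspace()` to both keeps the pair consistent. It is also worth a comment on `lpa_data_store_public_key` explaining why a non-secret public key is placed in Secrets Manager under the same KMS key, since that choice is not obvious from the resource alone.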