diff --git a/app/controllers/api/v1/repositories_controller.rb b/app/controllers/api/v1/repositories_controller.rb
index 63a1ffffe..642ad7ca0 100644
--- a/app/controllers/api/v1/repositories_controller.rb
+++ b/app/controllers/api/v1/repositories_controller.rb
@@ -30,6 +30,9 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
     destroy_subject @repository
   end
 
+  def key_pair
+  end
+
   def add_project
     project = Project.where(:id => params[:project_id]).first
     if project
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 6910c1164..c8a6fde42 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -154,6 +154,12 @@ class Ability
       cannot([:get_list, :create], MassBuild) {|mass_build| mass_build.platform.personal?}
       cannot(:cancel, MassBuild) {|mass_build| mass_build.platform.personal? || mass_build.stop_build}
 
+      if @user.uname == 'iso_worker_1'
+        can :key_pair, Repository
+      else
+        cannot :key_pair, Repository
+      end
+
       can :create, Subscribe do |subscribe|
         !subscribe.subscribeable.subscribes.exists?(:user_id => user.id)
       end
diff --git a/app/views/api/v1/repositories/key_pair.json.jbuilder b/app/views/api/v1/repositories/key_pair.json.jbuilder
new file mode 100644
index 000000000..82d6d32f4
--- /dev/null
+++ b/app/views/api/v1/repositories/key_pair.json.jbuilder
@@ -0,0 +1,6 @@
+json.repository do |json|
+  json.partial! 'repository', :repository => @repository, :json => json
+  json.key_pair do |json_key_pair|
+    json_key_pair.(@repository.key_pair, :public, :secret)
+  end
+end
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 6bc1b2eb7..177c5c659 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -38,6 +38,7 @@ Rosa::Application.routes.draw do
       resources :repositories, :only => [:show, :update, :destroy] do
         member {
           get :projects
+          get :key_pair
           put :add_member
           delete :remove_member
           put :add_project
diff --git a/spec/controllers/api/v1/repositories_controller_spec.rb b/spec/controllers/api/v1/repositories_controller_spec.rb
index fac89600e..5f29fc0da 100644
--- a/spec/controllers/api/v1/repositories_controller_spec.rb
+++ b/spec/controllers/api/v1/repositories_controller_spec.rb
@@ -39,6 +39,13 @@ shared_examples_for "api repository user without show rights" do
   end
 end
 
+shared_examples_for "api repository user without key_pair rights" do
+  it 'should not be able to perform key_pair action' do
+    get :key_pair, :id => @repository.id, :format => :json
+    response.should_not be_success
+  end
+end
+
 shared_examples_for 'api repository user with writer rights' do
 
   context 'api repository user with update rights' do
@@ -264,6 +271,7 @@ describe Api::V1::RepositoriesController do
       it_should_behave_like 'api repository user with show rights'
     end
     it_should_behave_like 'api repository user without writer rights'
+    it_should_behave_like 'api repository user without key_pair rights'
 
     it 'should not be able to perform projects action', :anonymous_access => false do
       get :projects, :id => @repository.id, :format => :json
@@ -280,6 +288,7 @@ describe Api::V1::RepositoriesController do
     it_should_behave_like 'api repository user with reader rights'
     it_should_behave_like 'api repository user with reader rights for hidden platform'
     it_should_behave_like 'api repository user with writer rights'
+    it_should_behave_like 'api repository user without key_pair rights'
   end
 
   context 'for platform owner user' do
@@ -294,6 +303,7 @@ describe Api::V1::RepositoriesController do
     it_should_behave_like 'api repository user with reader rights'
     it_should_behave_like 'api repository user with reader rights for hidden platform'
     it_should_behave_like 'api repository user with writer rights'
+    it_should_behave_like 'api repository user without key_pair rights'
   end
 
   context 'for user' do
@@ -306,5 +316,26 @@ describe Api::V1::RepositoriesController do
     it_should_behave_like 'api repository user without reader rights for hidden platform'
     it_should_behave_like 'api repository user with show rights'
     it_should_behave_like 'api repository user without writer rights'
+    it_should_behave_like 'api repository user without key_pair rights'
   end
+
+  context 'for system user' do
+    before(:each) do
+      @user = FactoryGirl.create(:user, :uname => 'iso_worker_1')
+      http_login(@user)
+    end
+
+    it 'should be able to perform key_pair action when repository has not keys' do
+      get :key_pair, :id => @repository.id, :format => :json
+      response.should be_success
+    end
+
+    it 'should be able to perform key_pair action when repository has keys' do
+      FactoryGirl.create(:key_pair, :repository => @repository)
+      get :key_pair, :id => @repository.id, :format => :json
+      response.should be_success
+    end
+
+  end
+
 end