diff --git a/services/terraform/self-host/keyserver_primary.tf b/services/terraform/self-host/keyserver_primary.tf
--- a/services/terraform/self-host/keyserver_primary.tf
+++ b/services/terraform/self-host/keyserver_primary.tf
@@ -95,6 +95,10 @@
             "identitySocketAddr" : "${var.identity_socket_address}"
           })
         },
+        {
+          name  = "COMM_JSONCONFIG_facts_authoritative_keyserver",
+          value = jsonencode(var.authoritative_keyserver_config),
+        }
       ]
       logConfiguration = {
         "logDriver" = "awslogs"
diff --git a/services/terraform/self-host/variables.tf b/services/terraform/self-host/variables.tf
--- a/services/terraform/self-host/variables.tf
+++ b/services/terraform/self-host/variables.tf
@@ -40,6 +40,14 @@
   description = "Use non-default vpc and subnets"
 }
 
+variable "authoritative_keyserver_config" {
+  description = "Authoritative keyserver user id"
+  type = object({
+    authoritativeKeyserverID = optional(string)
+  })
+  default = {}
+}
+
 variable "availability_zone_1" {
   description = "First availability zone for vpc subnet if user created vpc"
   type        = string