diff --git a/quickstart/openchami-svcs.yml b/quickstart/openchami-svcs.yml
index 87e7ad8..4539ea2 100644
--- a/quickstart/openchami-svcs.yml
+++ b/quickstart/openchami-svcs.yml
@@ -112,5 +112,24 @@ services:
 interval: 5s
 timeout: 10s
 retries: 60
-
-
+###
+# cloud-init Server Container
+###
+ # cloud-init server, with the secure route disabled for now
+ cloud-init:
+ image: ghcr.io/openchami/cloud-init:v0.1.0
+ container_name: cloud-init
+ hostname: cloud-init
+ environment:
+ - LISTEN_ADDR=:27777
+ - SMD_URL=http://smd:27779
+ - OPAAL_URL=http://opaal:3333
+ ports:
+ - '27777:27777'
+ depends_on:
+ smd:
+ condition: service_healthy
+ opaal:
+ condition: service_healthy
+ networks:
+ - internal
diff --git a/quickstart/tpm-manager.yml b/quickstart/tpm-manager.yml
index 94b0760..0666f60 100644
--- a/quickstart/tpm-manager.yml
+++ b/quickstart/tpm-manager.yml
@@ -18,3 +18,11 @@ services:
 condition: service_healthy
 networks:
 - internal
+ ###
+ # cloud-init server container, provides secured config access via JWT authorization
+ # NOTE: This merges with the default cloud-init config specified in openchami-svcs.yml
+ ###
+ cloud-init:
+ environment:
+ # This enables the server's secure route
+ - JWKS_URL=http://opaal:3333/keys
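Review bot: The `ports:` entry `- '27777:27777'` publishes cloud-init on every host interface while the comment on the service says the secure route is disabled, so whatever the server hands out is reachable without a token from outside the `internal` network. If host access is only needed for local testing, bind it to loopback with `- '127.0.0.1:27777:27777'`; if nodes must reach it from another network, say so in the comment and name the interface it should be limited to. The image is also referenced by the mutable tag `v0.1.0`; pinning it by digest, `ghcr.io/openchami/cloud-init:v0.1.0@sha256:<digest-placeholder>`, keeps the quickstart from silently picking up a re-pushed image. The service defines no healthcheck, unlike the entry above it in the hunk, so nothing can wait on it with `condition: service_healthy`.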
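Review bot: JWT verification for cloud-init exists only when this overlay is layered on top of openchami-svcs.yml, so a stack started from the base file alone comes up with the secure route off and nothing reports it. I would say that in the header comment, for example `# Without this overlay cloud-init answers unauthenticated; the host port published in openchami-svcs.yml is unchanged by it`. The key set is fetched over plain HTTP from `http://opaal:3333/keys`; that stays on the `internal` network, but anything able to answer as `opaal` there could supply its own signing keys, which deserves a short comment next to `JWKS_URL`. Whether the unsecured route stays reachable once `JWKS_URL` is set cannot be seen from this diff and should be confirmed before calling the access "secured".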