diff --git a/bootstrapper/internal/joinclient/joinclient.go b/bootstrapper/internal/joinclient/joinclient.go
index a12356708..03e6067d1 100644
--- a/bootstrapper/internal/joinclient/joinclient.go
+++ b/bootstrapper/internal/joinclient/joinclient.go
@@ -285,7 +285,7 @@ func (c *JoinClient) startNodeAndJoin(ticket *joinproto.IssueJoinTicketResponse,
 	}
 
 	// TODO(miampf): Make path a constant
-	if err := c.fileHandler.Write("/run/ssh/ssh_ca.pub", ssh.MarshalAuthorizedKey(ca.PublicKey()), file.OptMkdirAll); err != nil {
+	if err := c.fileHandler.Write(constants.SSHCAKeyPath, ssh.MarshalAuthorizedKey(ca.PublicKey()), file.OptMkdirAll); err != nil {
 		return fmt.Errorf("writing ca key: %w", err)
 	}
 
diff --git a/internal/constants/constants.go b/internal/constants/constants.go
index 172411630..aecef23c8 100644
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@@ -44,6 +44,8 @@ const (
 	CLIDebugLogFile = "constellation-debug.log"
 	// SSHCAKeySuffix is the suffix used together with the DEKPrefix to derive an SSH CA key for emergency ssh access.
 	SSHCAKeySuffix = "ca_emergency_ssh"
+	// SSHCAKeyPath is the path to the emergency SSH CA key on the node.
+	SSHCAKeyPath = "/run/ssh/ssh_ca.pub"
 
 	//
 	// Ports.