diff --git a/encryption/encryption_keys.go b/encryption/encryption_keys.go
new file mode 100644
index 0000000000000000000000000000000000000000..1d31fc4cf711224541e61b2cf730b4660aba03dc
--- /dev/null
+++ b/encryption/encryption_keys.go
@@ -0,0 +1,44 @@
+package encryption
+
+import (
+	"encoding/json"
+	"gitlab.bob.co.za/bob-public-utils/bobgroup-go-utils/errors"
+	"gitlab.bob.co.za/bob-public-utils/bobgroup-go-utils/logs"
+	"gitlab.bob.co.za/bob-public-utils/bobgroup-go-utils/secrets_manager"
+)
+
+type EncryptionKeysSecret struct {
+	EncryptionKeysValue string `json:"EncryptionKeys"`
+}
+
+type EncryptionKeys struct {
+	FirebaseEncryptionKey string `json:"firebase_encryption_key"`
+	JWTEncryptionKey      string `json:"jwt_encryption_key"`
+}
+
+func GetEncryptionKeys(secretID string, isDebug bool) (EncryptionKeys, error) {
+	encryptionKeysSecretString, _ := secrets_manager.GetSecret(secretID, isDebug)
+
+	var encryptionKeys EncryptionKeys
+	var encryptionKeysSecret EncryptionKeysSecret
+	err := json.Unmarshal([]byte(encryptionKeysSecretString), &encryptionKeysSecret)
+	if err == nil {
+		err = json.Unmarshal([]byte(encryptionKeysSecret.EncryptionKeysValue), &encryptionKeys)
+	}
+
+	return encryptionKeys, err
+}
+
+func GetJWTEncryptionKey(secretID string, isDebug bool) (string, error) {
+	encryptionKeys, err := GetEncryptionKeys(secretID, isDebug)
+	if err != nil {
+		logs.ErrorWithMsg("Could not get encryption keys from secret manager", err)
+		return "", errors.Error("failed to get encryption keys for login")
+	}
+	return encryptionKeys.JWTEncryptionKey, nil
+}
+
+func GetFirebaseCredentialsEncryptionKey(secretID string, isDebug bool) (string, error) {
+	encryptionKeys, err := GetEncryptionKeys(secretID, isDebug)
+	return encryptionKeys.FirebaseEncryptionKey, err
+}