diff --git a/cmd/encryptkey.go b/cmd/encryptkey.go
new file mode 100644
index 0000000000..a808f89365
--- /dev/null
+++ b/cmd/encryptkey.go
@@ -0,0 +1,54 @@
+package main
+
+import (
+	"log"
+	"strings"
+
+	"github.com/ethereum/go-ethereum/accounts/keystore"
+	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/urfave/cli/v2"
+)
+
+const (
+	encryptKeyFlagPrivateKey = "privateKey"
+	encryptKeyFlagPassword   = "password"
+	encryptKeyFlagOutput     = "output"
+)
+
+var encryptKeyFlags = []cli.Flag{
+	&cli.StringFlag{
+		Name:     encryptKeyFlagPrivateKey,
+		Aliases:  []string{"pk"},
+		Usage:    "Private key hash",
+		Required: true,
+	},
+	&cli.StringFlag{
+		Name:     encryptKeyFlagPassword,
+		Aliases:  []string{"pw"},
+		Usage:    "Password to encrypt the private key",
+		Required: true,
+	},
+	&cli.StringFlag{
+		Name:     encryptKeyFlagOutput,
+		Aliases:  []string{"o"},
+		Usage:    "Output directory to save the encrypted private key file",
+		Required: true,
+	},
+}
+
+func encryptKey(ctx *cli.Context) error {
+	privateKeyHash := ctx.String(encryptKeyFlagPrivateKey)
+	password := ctx.String(encryptKeyFlagPassword)
+	outputDir := ctx.String(encryptKeyFlagOutput)
+
+	privateKey, err := crypto.HexToECDSA(strings.TrimPrefix(privateKeyHash, "0x"))
+	if err != nil {
+		log.Fatal("Invalid private key: ", err)
+	}
+
+	ks := keystore.NewKeyStore(outputDir, keystore.StandardScryptN, keystore.StandardScryptP)
+	if _, err := ks.ImportECDSA(privateKey, password); err != nil {
+		log.Fatal("Failed to encrypt private key: ", err)
+	}
+	return nil
+}
diff --git a/cmd/main.go b/cmd/main.go
index 5eb205f07b..8b615c12fc 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -83,6 +83,13 @@ func main() {
 			Action:  registerSequencer,
 			Flags:   flags,
 		},
+		{
+			Name:    "encryptKey",
+			Aliases: []string{},
+			Usage:   "Encrypts the privatekey with a password and create a keystore file",
+			Action:  encryptKey,
+			Flags:   encryptKeyFlags,
+		},
 	}
 
 	err := app.Run(os.Args)