diff --git a/tests/integration/kubernetes/k8s-policy-set-keys.bats b/tests/integration/kubernetes/k8s-policy-set-keys.bats
new file mode 100644
index 0000000000..f1727a8da7
--- /dev/null
+++ b/tests/integration/kubernetes/k8s-policy-set-keys.bats
@@ -0,0 +1,42 @@
+#!/usr/bin/env bats
+#
+# Copyright (c) 2023 Microsoft.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+load "${BATS_TEST_DIRNAME}/../../common.bash"
+load "${BATS_TEST_DIRNAME}/tests_common.sh"
+
+setup() {
+ get_pod_config_dir
+ pod_name="set-keys-test"
+ pod_yaml="${pod_config_dir}/k8s-policy-set-keys.yaml"
+ set_keys_policy=$(base64 -w 0 "${pod_config_dir}/k8s-policy-set-keys.rego")
+}
+
+@test "Set guest keys using policy" {
+ yq write -i "${pod_yaml}" \
+ 'metadata.annotations."io.katacontainers.config.agent.policy"' \
+ "${set_keys_policy}"
+
+ # Create the pod
+ kubectl create -f "${pod_yaml}"
+
+ # Wait for pod to start
+ kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"
+
+ # Obtain the keys from the policy by querying the OPA service
+ my_test_data="http://localhost:8181/v1/data/agent_policy/my_test_data"
+ kubectl exec "$pod_name" -- wget -O - "$my_test_data/default/key/ssh-demo" | grep "{\"result\":\"HUlOu8NWz8si11OZUzUJMnjiq/iZyHBJZMSD3BaqgMc=\"}"
+ kubectl exec "$pod_name" -- wget -O - "$my_test_data/default/key/enabled" | grep "{\"result\":false}"
+ kubectl exec "$pod_name" -- wget -O - "$my_test_data/key1" | grep "{\"result\":\[\"abc\",\"9876\",\"xyz\"\]}"
+ kubectl exec "$pod_name" -- wget -O - "$my_test_data/key2" | grep "{\"result\":45}"
+}
+
+teardown() {
+ # Debugging information
+ kubectl describe "pod/$pod_name"
+
+ kubectl delete pod "$pod_name"
+}
diff --git a/tests/integration/kubernetes/run_kubernetes_tests.sh b/tests/integration/kubernetes/run_kubernetes_tests.sh
index 392dbf2981..36f7a56c9d 100644
--- a/tests/integration/kubernetes/run_kubernetes_tests.sh
+++ b/tests/integration/kubernetes/run_kubernetes_tests.sh
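Review bot: The four `kubectl exec … | grep` assertions in the `@test` body treat the expected JSON as a regular expression and, when one fails, leave nothing in the bats log about what the endpoint actually returned, so a changed value or list order is hard to diagnose. `grep -F` keeps the literal-match intent without the `\[` and `\"` escaping, e.g. `| grep -F '{"result":45}'`, and the same applies to the other three lines. The queries go to `localhost:8181` from inside the container, so the test presumably relies on the workload sharing the guest's network namespace with the OPA service; a one-line comment stating that assumption above `my_test_data=` would help whoever runs this in a differently wired setup. `$timeout` used by `kubectl wait` is not defined in this file and is presumably provided by tests_common.sh.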
@@ -140,9 +140,9 @@ test_successful_actions() {
 done
 }
 
-test_actions_rejected_by_policy() {
- info "Test k8s actions that get rejected by policy"
+run_policy_specific_tests() {
 bats k8s-exec-rejected.bats
+ bats k8s-policy-set-keys.bats
 }
 
 # we may need to skip a few test cases when running on non-x86_64 arch
@@ -154,7 +154,7 @@ fi
 
 if policy_tests_enabled; then
 ensure_yq
- test_actions_rejected_by_policy
+ run_policy_specific_tests
 add_policy_to_successful_tests
 else
 info "Policy tests are disabled on this platform"
diff --git a/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-set-keys.rego b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-set-keys.rego
new file mode 100644
index 0000000000..a06e0ba57b
--- /dev/null
+++ b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-set-keys.rego
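Review bot: `run_policy_specific_tests` drops the `info` line its predecessor `test_actions_rejected_by_policy` had, so the CI log no longer marks where the policy-specific bats files start; with two files now run back-to-back that marker is more useful, not less. Suggest `info "Run policy-specific tests"` as the first statement of the function. The second hunk of this file only renames the call site and needs no change.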
@@ -0,0 +1,49 @@
+package agent_policy
+
+default AddARPNeighborsRequest := true
+default AddSwapRequest := true
+default CloseStdinRequest := true
+default CopyFileRequest := true
+default CreateContainerRequest := true
+default CreateSandboxRequest := true
+default DestroySandboxRequest := true
+default ExecProcessRequest := true
+default GetMetricsRequest := true
+default GetOOMEventRequest := true
+default GuestDetailsRequest := true
+default ListInterfacesRequest := true
+default ListRoutesRequest := true
+default MemHotplugByProbeRequest := true
+default OnlineCPUMemRequest := true
+default PauseContainerRequest := true
+default PullImageRequest := true
+default ReadStreamRequest := true
+default RemoveContainerRequest := true
+default RemoveStaleVirtiofsShareMountsRequest := true
+default ReseedRandomDevRequest := true
+default ResumeContainerRequest := true
+default SetGuestDateTimeRequest := true
+default SetPolicyRequest := true
+default SignalProcessRequest := true
+default StartContainerRequest := true
+default StartTracingRequest := true
+default StatsContainerRequest := true
+default StopTracingRequest := true
+default TtyWinResizeRequest := true
+default UpdateContainerRequest := true
+default UpdateEphemeralMountsRequest := true
+default UpdateInterfaceRequest := true
+default UpdateRoutesRequest := true
+default WaitProcessRequest := true
+default WriteStreamRequest := true
+
+my_test_data := {
+ "default": {
+ "key": {
+ "ssh-demo": "HUlOu8NWz8si11OZUzUJMnjiq/iZyHBJZMSD3BaqgMc=",
+ "enabled": false
+ }
+ },
+ "key1": ["abc", "9876", "xyz"],
+ "key2": 45
+}
diff --git a/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-set-keys.yaml b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-set-keys.yaml
new file mode 100644
index 0000000000..f403fc34d2
--- /dev/null
+++ b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-set-keys.yaml
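Review bot: The new policy has no header comment and no license line, unlike the .bats and .yaml files added in the same commit, and nothing says it is a permissive test fixture: every request type defaults to `true`, including `SetPolicyRequest`, so a reader browsing runtimeclass_workloads could mistake it for a starting-point policy. Add a short header such as `# Test-only policy: allows every agent request and exists only to carry my_test_data for k8s-policy-set-keys.bats; not a template for real workloads.` together with the `SPDX-License-Identifier` line the sibling files carry. A comment above `my_test_data` noting that these values are mirrored verbatim by the grep patterns in the bats test, so both must change together, would also help.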
@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+apiVersion: v1
+kind: Pod
+metadata:
+ name: set-keys-test
+spec:
+ terminationGracePeriodSeconds: 0
+ shareProcessNamespace: true
+ runtimeClassName: kata
+ containers:
+ - name: first-test-container
+ image: quay.io/prometheus/busybox:latest
+ env:
+ - name: CONTAINER_NAME
+ value: "first-test-container"
+ command:
+ - sleep
+ - "30"
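Review bot: The container runs `sleep 30` with the pod's default restart policy, so the four `kubectl exec` calls in k8s-policy-set-keys.bats must all finish within 30 seconds of the Ready condition; on a slow CI node the container can exit and restart mid-test and turn a passing run into an intermittent exec failure. Raising the sleep, or at least documenting the window in a comment above `command:`, would avoid that. The copyright header reads 2018 Intel Corporation on a file introduced by a 2023 Microsoft commit, which looks copied from a template and is worth correcting. `shareProcessNamespace: true` does not appear to be needed by anything in the bats test; if it is required, a comment saying why would help.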