diff --git a/bin/setup-local-gpg b/bin/setup-local-gpg
new file mode 100755
index 0000000000..d0e1596135
--- /dev/null
+++ b/bin/setup-local-gpg
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+GNUPGHOME="$(mktemp -d)"
+export GNUPGHOME
+
+cat >"$GNUPGHOME/gpg-batch" <<EOF
+%echo Generating a basic OpenPGP key
+Key-Type: RSA
+Key-Length: 4096
+Name-Real: Local Test User
+Name-Email: local-test@welkin.test
+Expire-Date: 0
+%no-protection
+%commit
+%echo done
+EOF
+
+gpg --batch --generate-key "$GNUPGHOME/gpg-batch" >/dev/null 2>&1
+
+# SOPS needs this fingerprint to know which key to use
+FINGERPRINT=$(gpg --list-secret-keys --keyid-format LONG | grep sec | awk '{print $2}' | cut -d'/' -f2)
+
+echo "export GNUPGHOME='$GNUPGHOME'"
+echo "export CK8S_PGP_FP='$FINGERPRINT'"
diff --git a/scripts/local-cluster.sh b/scripts/local-cluster.sh
index 78704a7443..d4dda885eb 100755
--- a/scripts/local-cluster.sh
+++ b/scripts/local-cluster.sh
@@ -296,16 +296,32 @@ config() {
   export flavor
   export ops_prefix
 
+  local config_path_was_unset=false
+  local pgp_key_was_unset=false
+
   if [[ -z "${name}" ]] || [[ -z "${flavor}" ]] || [[ -z "${domain}" ]]; then
     log.usage
   fi
 
   if [[ -z "${CK8S_CONFIG_PATH:-}" ]]; then
-    log.fatal "CK8S_CONFIG_PATH is unset"
+    config_path_was_unset=true
+    export CK8S_CONFIG_PATH="${HOME}/.ck8s/welkin-quick-start"
+    mkdir -p "${CK8S_CONFIG_PATH}"
+    log.info "CK8S_CONFIG_PATH is unset. Using default: ${CK8S_CONFIG_PATH}"
   fi
 
   if [[ -z "${CK8S_PGP_FP:-}" ]]; then
-    log.fatal "CK8S_PGP_FP is unset"
+    pgp_key_was_unset=true
+    if [[ -x "${ROOT}/bin/setup-local-gpg" ]]; then
+      eval "$("${ROOT}/bin/setup-local-gpg")"
+      log.info "CK8S_PGP_FP is unset. Using temporary GPP key: ${CK8S_PGP_FP}"
+      log.info "Using temp GNUPGHOME: ${GNUPGHOME}"
+      log.warn "Once this is cleared you will loose the ability to decrypt the secrets for this config path."
+    fi
+
+    if [[ -z "${CK8S_PGP_FP:-}" ]]; then
+      log.fatal "CK8S_PGP_FP is unset and automatic generation failed."
+    fi
   fi
 
   if ! [[ -d "${CK8S_CONFIG_PATH}" ]]; then
@@ -353,6 +369,18 @@ config() {
   fi
 
   "${ROOT}/bin/ck8s" init both
+
+  if [[ "${config_path_was_unset}" == "true" ]] || [[ "${pgp_key_was_unset}" == "true" ]]; then
+    log.info "Run these commands to configure your current shell session before creating cluster"
+    if [[ "${config_path_was_unset}" == "true" ]]; then
+      log.info "export CK8S_CONFIG_PATH='${CK8S_CONFIG_PATH}'"
+    fi
+
+    if [[ "${pgp_key_was_unset}" == "true" ]]; then
+      log.info "export CK8S_PGP_FP='${CK8S_PGP_FP}'"
+      log.info "export GNUPGHOME='${GNUPGHOME}'"
+    fi
+  fi
 }
 
 create() {