diff --git a/deployment/live/gcp/static-ct-staging/logs/arche2025h1/terragrunt.hcl b/deployment/live/gcp/static-ct-staging/logs/arche2025h1/terragrunt.hcl
index 3c093ffb..8364f84b 100644
--- a/deployment/live/gcp/static-ct-staging/logs/arche2025h1/terragrunt.hcl
+++ b/deployment/live/gcp/static-ct-staging/logs/arche2025h1/terragrunt.hcl
@@ -22,6 +22,7 @@ locals {
   additional_signer_private_key_secret_names = ["projects/${include.root.locals.project_id}/secrets/${local.base_name}-ed25519-private-key/versions/1"]
   gcs_use_grpc                               = true
   garbage_collection_interval                = "10s"
+  extra_tesseract_flags                      = []
 }
 
 include "root" {
diff --git a/deployment/live/gcp/static-ct-staging/logs/arche2025h2/terragrunt.hcl b/deployment/live/gcp/static-ct-staging/logs/arche2025h2/terragrunt.hcl
index 5273c95b..0d8737dc 100644
--- a/deployment/live/gcp/static-ct-staging/logs/arche2025h2/terragrunt.hcl
+++ b/deployment/live/gcp/static-ct-staging/logs/arche2025h2/terragrunt.hcl
@@ -23,6 +23,7 @@ locals {
   additional_signer_private_key_secret_names = ["projects/${include.root.locals.project_id}/secrets/${local.base_name}-ed25519-private-key/versions/1"]
   gcs_use_grpc                               = true
   garbage_collection_interval                = "10s"
+  extra_tesseract_flags                      = []
 }
 
 include "root" {
diff --git a/deployment/live/gcp/static-ct-staging/logs/arche2026h1/terragrunt.hcl b/deployment/live/gcp/static-ct-staging/logs/arche2026h1/terragrunt.hcl
index 3e64dfc3..1baca690 100644
--- a/deployment/live/gcp/static-ct-staging/logs/arche2026h1/terragrunt.hcl
+++ b/deployment/live/gcp/static-ct-staging/logs/arche2026h1/terragrunt.hcl
@@ -23,6 +23,7 @@ locals {
   additional_signer_private_key_secret_names = ["projects/${include.root.locals.project_id}/secrets/${local.base_name}-ed25519-private-key/versions/1"]
   gcs_use_grpc                               = true
   garbage_collection_interval                = "10s"
+  extra_tesseract_flags                      = []
 }
 
 include "root" {
diff --git a/deployment/modules/gcp/gce/tesseract/main.tf b/deployment/modules/gcp/gce/tesseract/main.tf
index 90770f1e..0faf9e7b 100644
--- a/deployment/modules/gcp/gce/tesseract/main.tf
+++ b/deployment/modules/gcp/gce/tesseract/main.tf
@@ -38,7 +38,7 @@ locals {
   ])
 
   # tesseract_args are provided to the tesseract command.
-  tesseract_args = [
+  tesseract_args = concat([
     "-logtostderr",
     "-v=0",
     "-slog_level=-4",
@@ -68,8 +68,8 @@ locals {
     var.witness_policy == "" ? "" : "-witness_policy_file=${local.witness_policy_file}",
     length(var.additional_signer_private_key_secret_names) == 0 ? "" : join(" ", formatlist("-additional_signer_private_key_secret_name=%s", var.additional_signer_private_key_secret_names)),
     "-gcs_use_grpc=${var.gcs_use_grpc}",
-    var.garbage_collection_interval == null ? "" : "-garbage_collection_interval=${var.garbage_collection_interval}"
-  ]
+    var.garbage_collection_interval == null ? "" : "-garbage_collection_interval=${var.garbage_collection_interval}",
+  ], var.extra_tesseract_flags)
 
   container_name      = "tesseract-${var.base_name}"
   cached_docker_image = "${google_artifact_registry_repository.tesseract.registry_uri}/${var.server_docker_image}"
diff --git a/deployment/modules/gcp/gce/tesseract/variables.tf b/deployment/modules/gcp/gce/tesseract/variables.tf
index 0e97f84a..b55dc7fc 100644
--- a/deployment/modules/gcp/gce/tesseract/variables.tf
+++ b/deployment/modules/gcp/gce/tesseract/variables.tf
@@ -170,3 +170,9 @@ variable "garbage_collection_interval" {
   default     = null
 }
 
+variable "extra_tesseract_flags" {
+  description = "A list of strings representing any additional arguments to append to the Tesseract command line. Example: [\"-flag1=value1\", \"-flag2=value2\"]. NOTE: This is intended as a temporary solution; other flags should be defined using their own dedicated variables and not added this way."
+  type        = list(string)
+  default     = []
+}
+
diff --git a/deployment/modules/gcp/tesseract/gce/main.tf b/deployment/modules/gcp/tesseract/gce/main.tf
index 71ca50c4..9f2248f8 100644
--- a/deployment/modules/gcp/tesseract/gce/main.tf
+++ b/deployment/modules/gcp/tesseract/gce/main.tf
@@ -54,6 +54,7 @@ module "gce" {
   roots_reject_fingerprints                  = var.roots_reject_fingerprints
   gcs_use_grpc                               = var.gcs_use_grpc
   garbage_collection_interval                = var.garbage_collection_interval
+  extra_tesseract_flags                      = var.extra_tesseract_flags
 
   depends_on = [
     module.storage
diff --git a/deployment/modules/gcp/tesseract/gce/variables.tf b/deployment/modules/gcp/tesseract/gce/variables.tf
index 87f77551..4e03fe32 100644
--- a/deployment/modules/gcp/tesseract/gce/variables.tf
+++ b/deployment/modules/gcp/tesseract/gce/variables.tf
@@ -180,3 +180,9 @@ variable "garbage_collection_interval" {
   default     = null
 }
 
+variable "extra_tesseract_flags" {
+  description = "A list of strings representing any additional arguments to append to the Tesseract command line. Example: [\"-flag1=value1\", \"-flag2=value2\"]. NOTE: This is intended as a temporary solution; other flags should be defined using their own dedicated variables and not added this way."
+  type        = list(string)
+  default     = []
+}
+