We consider the problem of distributing secret keys covertly over a classical-quantum (CQ) channel. The objective here is to not only offer strong secrecy guarantees approaching those of quantum key distribution, but also ensure that an attacker should be unable to even detect that key distribution is taking place. We provide a formal definition of what would constitute a covert key generation protocol, and we characterize achievable throughputs for certain CQ channels.