Deploy key
A repo-scoped GitHub token useful for automated deploys
About
- A deploy key is an SSH public key.
- The token must be generated manually using the local command line.
- It takes more effort to set up than the other steps.
- Use it in an action using this:
${{ secrets.DEPLOY_KEY }}
- It can be used to read from a Git repo (including a private one) and deploy it on a remote server.
- Optionally it can have write access - such as for writing to a deploy branch.
How to generate an SSH key
- If the machine doesn’t have an SSH key set, you’ll have to generate one.
- Even if it has one, you might choose to create a new one that is used specifically for GitHub, so you can delete it later if you want and still keep the one that you use for other SSH purposes.
Generate
Run this locally:
$ ssh-keygen
Or, according to a gist on using it on a Linux server (not in the GH Actions context):
$ ssh-keygen -t rsa -b 4096 -C "foo@bar.com"
The comment can be an email address, or a machine identifier based on the username and hostname where you generated the key, e.g. my-user@dell. For GitHub Actions the email makes more sense: you won’t actually use the local machine to do a deploy, so the machine identifier does not make sense.
View
$ cat ~/.ssh/id_rsa.pub
SSH guide on GitHub docs.
How to add a deploy key on GitHub
- Go to repo Settings.
- Go to Deploy Keys.
- Create key.
- Set title with a convenient value to later reference. This can have spaces in it.
- Paste the SSH public key into the Key field (so that only a certain machine can deploy).
- Optionally tick Allow write access.
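The Generate and View steps above, scripted so the deploy key lives in its own file instead of ~/.ssh/id_rsa and can be deleted without touching other SSH keys. This is an added example, not part of the original page; the function names and the file name github_deploy_key are assumptions.

```shell
#!/bin/sh
# Added example: create a key pair that is used only as a GitHub deploy key.
# The function names and the file name "github_deploy_key" are assumptions.

# make_deploy_key DIR COMMENT
# Writes DIR/github_deploy_key (private) and DIR/github_deploy_key.pub (public).
# Prints the private key path on success and refuses to overwrite an existing key.
make_deploy_key() {
    dk_dir=$1
    dk_comment=$2
    dk_key="$dk_dir/github_deploy_key"

    if [ -e "$dk_key" ] || [ -e "$dk_key.pub" ]; then
        echo "refusing to overwrite existing key: $dk_key" >&2
        return 1
    fi
    mkdir -p "$dk_dir" || return 1

    # Same type, size and comment options as the command on this page, plus:
    #   -f     write to a dedicated file rather than the default ~/.ssh/id_rsa
    #   -N ''  empty passphrase, because an automated job cannot type one
    #   -q     no progress output
    ssh-keygen -q -t rsa -b 4096 -C "$dk_comment" -N '' -f "$dk_key" || return 1

    # The private half must be readable by the owner only.
    chmod 600 "$dk_key" || return 1
    printf '%s\n' "$dk_key"
}

# deploy_key_fingerprint KEYFILE
# Prints the SHA256 fingerprint of KEYFILE.pub, for comparing against the
# fingerprint listed next to the key under Settings > Deploy Keys.
deploy_key_fingerprint() {
    ssh-keygen -l -E sha256 -f "$1.pub" | awk '{print $2}'
}

# Usage (the directory is a hypothetical choice):
#   key=$(make_deploy_key "$HOME/.ssh/deploy" "foo@bar.com")
#   cat "$key.pub"                  # public half: paste into the Key field
#   deploy_key_fingerprint "$key"   # check against what GitHub displays
#   cat "$key"                      # private half: value for the DEPLOY_KEY secret
```

Because the empty passphrase leaves the private file unprotected at rest, remove it from the local machine once its content is stored as the secret.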