About

  • A deploy key is an SSH public key.
  • The token must be be generated manually using the local command-line.
  • It takes more effort to set up than the other steps.
  • Use it in an action using this:
      ${{ secrets.DEPLOY_KEY }}
    
  • It can be used to read from a Git repo (including a private one) and deploy it on a remote server.
  • Optionally it can have write access - such as for writing to a deploy branch.

How to generate a SSH key

  • If the machine doesn’t have an SSH key set, you’ll have to generate one.
  • Even if it has one, you might choose to create a new one that is used specifically for GitHub, so you could delete if you want and leave behind one that you use for other SSH purposes.

Generate

Run this locally:

$ ssh-keygen

Or, according to gist on using it on a Linux server - not in the GH Actions context.

$ ssh-keygen -t rsa -b 4096 -C "foo@bar.com"

The comment can be an email address, or a machine identifier based on your username and hostname e.g. my-user@dell where you generated. For GitHub Actions the email makes more sense as you won’t actually use the local machine to do a deploy so the machine identifier does not make sense.

View

$ cat ~/.ssh/id_rsa.pub

SSH guide on GitHub docs.

How to add a deploy key on GitHub

  1. Go to repo Settings.
  2. Go to Deploy Keys.
  3. Create key.
    • Set title with a convenient value to later reference. This can have spaces in it.
    • Paste into key as an SSH public key (so only that a certain machine can deploy).
    • Optionally tick Allow write access.