Deployment Key Library (BB-11027)

Issue #10086 open
Matteo Kloiber created an issue

I have multiple projects that use all the same deployment key. When I create a new project (which happens once per month), I need to connect to my deployment server and fetch the key, which is a hassle for me. Could you please add an option to "share deployment keys"?

You could create a section on one's account page to add "deployment keys". These keys won't be used by default for all project, instead, there should be an option to import these keys from the project's deployment key view.
In addition, there should be an optional checkbox which allows updating the key automatically (i.e. when I update the key in my profile, the key will be updated on all my projects, if enabled). This is extremely handy if you need to move to another server (and don't want to keep the old ssh keys), or if your keys get compromised (aka. Heartbleed).

I think this could save some of us a lot of time and it is extremely handy to just import deployment keys instead of getting them for the server.

Comments (9)

  1. Paul Ryan

    I would add that for some of use this is an even bigger issue when using a component architecture as I have one project that spans multiple repositories and if I have to change my deployment keys I have many repositories to update, enough that it feels I should be using a regular SSH key but that exposes my repositories to alot of risk. The other option would be to have the ability to set a role or permissions for an SSH key like we do with users.

  2. Former user Account Deleted

    Gitlab (not really familiar with others) has a separate option in your admin where you define deployment keys in your account. Then per project you can select a pre-defined deploy key. Really handy.

  3. Simon Jackson

    I'm for having user+key specific rights. Per user rights works most of the time, but sometimes a specifically located key of a user needs to have the rights, and not all keys. Deployment keys are anon read keys, and I'm not that into anon reads. An attached user would definitely be needed for automated writes or admin.

  4. rmwebs NA

    Pretty embarrassing on Atlassians part that this still isn't available. It's basic functionality you expect to have.

  5. Log in to comment