Deployment Key Library (BB-11027)

Issue #10086 open
Matteo Kloiber
created an issue

Hello, I have multiple projects that all use the same deployment key. When I create a new project (which happens once per month), I need to connect to my deployment server and fetch the key, which is a hassle for me. Could you please add an option to "share deployment keys"?

You could create a section on one's account page to add "deployment keys". These keys won't be used by default for all projects; instead, there should be an option to import these keys from the project's deployment key view.
In addition, there should be an optional checkbox which allows updating the key automatically (i.e. when I update the key in my profile, the key will be updated on all my projects, if enabled). This is extremely handy if you need to move to another server (and don't want to keep the old SSH keys), or if your keys get compromised (aka. Heartbleed).

I think this could save some of us a lot of time and it is extremely handy to just import deployment keys instead of getting them for the server.

Comments (9)

  1. paul

    I would add that for some of us this is an even bigger issue when using a component architecture, as I have one project that spans multiple repositories, and if I have to change my deployment keys I have many repositories to update, enough that it feels I should be using a regular SSH key, but that exposes my repositories to a lot of risk. The other option would be to have the ability to set a role or permissions for an SSH key like we do with users.

  2. Anonymous

    GitLab (not really familiar with others) has a separate option in your admin where you define deployment keys in your account. Then per project you can select a pre-defined deploy key. Really handy.

  3. Simon Jackson

    I'm for having user+key specific rights. Per user rights works most of the time, but sometimes a specifically located key of a user needs to have the rights, and not all keys. Deployment keys are anon read keys, and I'm not that into anon reads. An attached user would definitely be needed for automated writes or admin.
