Have you ever noticed a menu, deep down inside the GitHub settings, called Deploy Key and wondered what that was for?
Well, today you'll finally know what that is for and how to use it.
Today we talk about GitHub's Deploy Keys. What are they for? How to use them? Pros and Cons?
First of all, let's see where we can find them.
In your repo, just go to Settings, and here you have it: Deploy Keys.
Before adding one, let's talk about what they are.
If you are a visual learner or simply prefer to watch and listen instead of reading, here you have the video with the whole explanation, which to be fair is much more complete than this post.
If you rather prefer reading, well... let's just continue :)
Deploy Keys work in conjunction with something called "Delivering Deployments".
The Deployments APIs, in fact, provides the capability to launch your GitHub hosted projects on a server that you own. Combined with the Status API, you'll be able to coordinate your deployments the moment your code is committed on master.
And here is where the Deploy Keys come into the picture.
Because a Deploy Key is basically an SSH key that grants access to a single repository. GitHub attaches the public part of the key directly to your repository instead of a personal user account, and the private part of the key remains on your server.
And you can assign them write access so they can perform the same actions as a user with admin access, or a collaborator on a personal repository.
To create a Deploy Key, first thing to do is running the ssh-keygen procedure on the server it is intended for.
ssh-keygen -t rsa -b 4096 -C "firstname.lastname@example.org"
This will create both the private and the public key.
Next, check the
/.ssh/XXX.pub file inside your home folder to see the public key (where XXX is the name of the file you specified in the previous command) and copy it's content. In my case:
Alright, now that we have the key let's go back to GitHub.
Click on the Add Deploy Key button and fill in the form.
By default, the key is Read Only, meaning that can only Pull from the repo. If you want it to be enabled for Write Operations, just check the option.
There you go, now your Deploy Key is added to GitHub and can be used to launch your project directly on your server.
Consider watching my Video with full explanation about GitHub Deploy Keys on YouTube
Finally, let's take a look at the Pros and Cons of this approach.
- Anyone with access to the repository and server has the ability to deploy the project.
- Users don't have to change their local SSH settings.
- Deploy keys are read-only by default, but you can give them write access when adding them to a repository.
- Deploy keys only grant access to a single repository. More complex projects may have many repositories to pull to the same server.
- Deploy keys are usually not protected by a passphrase, making the key easily accessible if the server is compromised.
What do you think of the GitHub's Deploy Key? Let me know in the comment section below.
There are other ways to do launch a project on your servers, let me know if you are interested to explore the other ones.