jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 18:10:59 -05:00
Code Issues Projects Releases Wiki Activity

Repo deploy keys can now be disabled by default by enterprise policy [GA] (redux) (#52618)

Browse Source 
Co-authored-by: vgrl <vgrl@github.com>
Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>
This commit is contained in:
Isaac Brown
2024-10-23 16:13:28 +01:00
committed by GitHub
parent 97a4757c57
commit 5390d95f6e
7 changed files with 69 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
content/authentication/connecting-to-github-with-ssh/managing-deploy-keys.md
View File

@@ -69,6 +69,8 @@ See [our guide on creating a {% data variables.product.pat_generic %}](/authenti
{% data reusables.repositories.deploy-keys-write-access %}
For enhanced security and fine-grained control over repository access and permissions, we recommend using a GitHub App instead. See "[AUTOTITLE](/apps/creating-github-apps/about-creating-github-apps/deciding-when-to-build-a-github-app#github-apps-offer-enhanced-security)."
### Pros of deploy keys
* Anyone with access to the repository and server has the ability to deploy the project.
@@ -79,10 +81,16 @@ See [our guide on creating a {% data variables.product.pat_generic %}](/authenti
* Deploy keys only grant access to a single repository. More complex projects may have many repositories to pull to the same server.
* Deploy keys are usually not protected by a passphrase, making the key easily accessible if the server is compromised.
* If the user who created the deploy key is removed from the repository, the deploy key will still be active as it isn't tied to the specific user, but rather to the repository.
* Deploy keys are credentials that don't have an expiry date.
* Deploy keys aren't linked directly to organization membership. If the user who created the deploy key is removed from the repository, the deploy key will still be active as it isn't tied to the specific user, but rather to the repository.
### Set up deploy keys
{% ifversion deploy-keys-enterprise-org-policy %}
> [!NOTE] If your organization is owned by an enterprise, and your enterprise owner has restricted the use of deploy keys in repositories, then you cannot override the policy in your organization to create a deploy key. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-deploy-keys)."
{% endif %}
1. [Run the `ssh-keygen` procedure][generating-ssh-keys] on your server, and remember where you save the generated public and private rsa key pair.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}