@renatocron
Created December 11, 2024 00:50
Multiple Repository Deploy Key Generator for Github

Multiple Repository Deploy Key Generator

A shell script for managing GitHub repository-specific SSH keys

This tool helps system administrators and developers safely manage multiple GitHub repository access keys on a single machine. Perfect for CI/CD pipelines, deployment servers, and development environments requiring specific repository access controls.

Key Features

  • Generates unique SSH keys for individual GitHub repositories
  • Automatically configures SSH settings for repository separation
  • Prevents key conflicts when accessing multiple repositories
  • Enhances security through repository-specific access control
  • Streamlines continuous integration and deployment workflows

Use Cases

  1. Continuous Integration Servers

    • Generate distinct deploy keys for each project
    • Maintain separation of concerns between repositories
    • Enable secure automated deployments
  2. Development Servers

    • Manage multiple repository access points
    • Keep repository permissions isolated
    • Simplify project-specific SSH configurations
  3. Production Deployments

    • Create dedicated deploy keys for production systems
    • Implement the principle of least privilege
    • Maintain secure repository access controls

Installation Guide

  1. Download the script to your user's home directory
  2. Make it executable:
chmod u+x generateDeployKey.sh

Usage Instructions

Basic syntax:

./generateDeployKey.sh REPO_OWNER_NAME REPO_NAME

Example:

./generateDeployKey.sh facebook react

Technical Details

  • Creates repository-specific RSA keys
  • Automatically updates SSH config with isolated configurations
  • Generates clone URLs with correct SSH aliases
  • Compatible with Linux and macOS systems
  • Requires a basic shell environment

Best Practices

  1. Use descriptive repository names for better key management
  2. Keep generated keys secure and backed up
  3. Regularly audit and rotate keys as needed
  4. Document which servers use which deploy keys
  5. Remove unused keys and configurations promptly
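
One way to carry out the audit in items 3 and 5, as an added example that is not part of the original gist: it walks the `Host github.com-*` blocks of the kind the script appends to an ssh config and reports missing key files, private keys readable by group or others, blocks without `IdentitiesOnly yes`, and duplicate aliases. The function name `audit_deploy_keys` and the choice of checks are assumptions of this example; the sample config at the end is constructed.

```shell
#!/bin/sh
# Added example, not part of the gist. audit_deploy_keys is a hypothetical name.
# Assumes whitespace-separated "Keyword value" lines, as the script writes them.
audit_deploy_keys() {
    config=$1
    report=$(awk '
        function emit() {
            if (alias == "") return
            if (seen[alias]++) print "FINDING " alias ": duplicate Host alias"
            if (!only) print "FINDING " alias ": IdentitiesOnly yes is not set"
            if (key == "") print "FINDING " alias ": no IdentityFile"
            else print "KEY " alias " " key
        }
        tolower($1) == "host" {
            emit(); alias = ""; key = ""; only = 0
            if ($2 ~ /^github\.com-/) alias = $2
            next
        }
        alias != "" && tolower($1) == "identityfile"   { key = $2 }
        alias != "" && tolower($1) == "identitiesonly" { only = (tolower($2) == "yes") }
        END { emit() }
    ' "$config")
    found=0
    while read -r kind host rest; do
        [ -n "$kind" ] || continue
        if [ "$kind" = KEY ]; then
            case $rest in "~/"*) rest=$HOME/${rest#"~/"} ;; esac
            if [ ! -f "$rest" ]; then
                rest="private key $rest is missing"
            elif [ "$(ls -ld "$rest" | cut -c5-10)" != "------" ]; then
                rest="private key $rest is readable by group or others"
            else
                continue
            fi
            host="$host:"
        fi
        echo "$host $rest"
        found=1
    done <<EOF
$report
EOF
    return $found
}
# Constructed sample: one block without IdentitiesOnly whose key file is absent.
demo=$(mktemp -d)
printf 'Host github.com-hello_world\nHostName github.com\nUser git\nIdentityFile %s/id_rsa.hello_world\n' \
    "$demo" > "$demo/config"
audit_deploy_keys "$demo/config" || echo "findings listed above"
rm -rf "$demo"
```

Because the alias and the key file name are built from REPO_NAME alone, two repositories with the same name under different owners end up with the same alias, which the duplicate check reports. Run it against a real file with `audit_deploy_keys ~/.ssh/config`.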

Troubleshooting

If you make a mistake during key generation:

  1. Locate the relevant section in ~/.ssh/config
  2. Remove the configuration block starting with "New Key Generated on..."
  3. Delete the corresponding public and private key files
  4. Re-run the script with correct parameters

Related Topics

  • GitHub Deploy Keys
  • SSH Key Management
  • Continuous Integration
  • Secure Repository Access
  • DevOps Automation
  • SSH Configuration
  • Git Security Best Practices
#!/bin/sh
# This script generates an ssh key for a single repository,
# adds a custom configuration to the user's (not global) ssh config file,
# outputs the public key for you to copy and paste as the repo deploy key,
# and outputs the URL for you to clone the repo on the machine.
# GitHub docs ref:
# https://docs.github.com/en/developers/overview/managing-deploy-keys#using-multiple-repositories-on-one-server
#
# 1. Add the script to the user account of the machine. The home directory is fine.
# 2. Make the script executable by running the following command as the user:
#    chmod u+x generateDeployKey.sh
# 3. Run the script like `./generateDeployKey.sh REPO_OWNER_NAME REPO_NAME`. Note the space between owner and repo name. Example:
#    ./generateDeployKey.sh yourname hello_world
# If you make a mistake with what you pass in, you can remove the change from your ~/.ssh/config file
# by deleting the most recent "New Key Generated on...." block and deleting the related .pub and private keys.

# Check that the user passed in both parameters; exit non-zero so callers notice
if [ -z "$1" ] || [ -z "$2" ]
then
    echo "Make sure to pass in both parameters REPO_OWNER_NAME and REPO_NAME. Example:"
    echo "./generateDeployKey.sh yourname hello_world"
    exit 1
fi

REPO_OWNER_NAME=$1
REPO_NAME=$2
KEY_PATH=~/.ssh/id_rsa.$REPO_NAME
PUB_KEY_PATH=$KEY_PATH.pub

echo "Generating ssh key at ${KEY_PATH}"
# Stop here if key generation fails, so no config block is written for a missing key
ssh-keygen -t rsa -N "" -f "$KEY_PATH" || exit 1

echo "Your ssh deploy key is:"
cat "$PUB_KEY_PATH"
echo ""

# Will create config if it does not exist
echo "Updating ~/.ssh/config"
DATE_TIME=$(date +"%Y-%m-%d at %r")
# IdentitiesOnly makes ssh offer only this key for the alias,
# even when an agent or default key files hold other identities
echo "
# New Key Generated on $DATE_TIME
Host github.com-$REPO_NAME
    HostName github.com
    User git
    IdentityFile $KEY_PATH
    IdentitiesOnly yes" >> ~/.ssh/config

echo ""
echo "Here is your hostname's alias to interact with the repository using SSH:"
echo "git clone git@github.com-$REPO_NAME:$REPO_OWNER_NAME/$REPO_NAME.git"
@renatocron

original: https://gist.github.com/mehdi89/f1a003a3382ffeac4a249bcae13fcac6

this is just a fork, this is so useful
