CalejoControl/deploy/keys/README.md

SSH Key Management

This directory should contain SSH private keys for deployment to different environments.

Setup Instructions

1. Generate SSH Key Pairs

For each environment, generate a dedicated SSH key pair:

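# Generate production key (-N is omitted so ssh-keygen prompts for a passphrase; see Security Notes)
ssh-keygen -t ed25519 -f deploy/keys/production_key -C "calejo-production-deploy"

# Generate staging key (-N "" creates the key without a passphrase)
ssh-keygen -t ed25519 -f deploy/keys/staging_key -C "calejo-staging-deploy" -N ""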

# Set proper permissions
chmod 600 deploy/keys/*

2. Deploy Public Keys to Servers

Copy the public keys to the target servers:

# For production
ssh-copy-id -i deploy/keys/production_key.pub calejo@production-server.company.com

# For staging
ssh-copy-id -i deploy/keys/staging_key.pub calejo@staging-server.company.com

3. Configure SSH on Servers

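On each server, ensure the deployment user has the permissions it needs. Passwordless sudo for docker-compose and systemctl with no argument restrictions is effectively root access on that host, so protect the deploy key accordingly. After writing the file, validate it with visudo -cf /etc/sudoers.d/calejo, since a syntax error in a sudoers drop-in can break sudo for every user: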

# Add to sudoers (if needed)
echo "calejo ALL=(ALL) NOPASSWD: /usr/bin/docker-compose, /bin/systemctl" | sudo tee /etc/sudoers.d/calejo

Security Notes

  • Never commit private keys to version control
  • Set proper permissions: chmod 600 deploy/keys/*
  • Use passphrase-protected keys in production
  • Rotate keys regularly
  • Use different keys for different environments
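
The permission and passphrase notes above can be checked automatically. The following is an added example, not part of the CalejoControl repository: it reads the cipher name from the OpenSSH private key header ("none" means no passphrase) and checks the file mode. The function names and the default that only production_key must carry a passphrase are assumptions made for this illustration.

```python
import base64
import stat
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # start of the OpenSSH private key container


def key_cipher(text):
    """Return the key's cipher name ("none" = no passphrase), or None if not an OpenSSH key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        return None
    try:
        blob = base64.b64decode("".join(lines[1:-1]))
    except ValueError:
        return None
    off = len(MAGIC)
    if not blob.startswith(MAGIC) or len(blob) < off + 4:
        return None
    (n,) = struct.unpack(">I", blob[off:off + 4])  # uint32 length, then the name
    return blob[off + 4:off + 4 + n].decode("ascii", "replace")


def audit_keys(key_dir, require_passphrase=("production_key",)):
    """Return (filename, problem) pairs for the private keys found in key_dir."""
    findings = []
    for path in sorted(Path(key_dir).iterdir()):
        if not path.is_file():
            continue
        cipher = key_cipher(path.read_text(errors="replace"))
        if cipher is None:
            continue  # README.md, *.pub and anything else that is not a private key
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & 0o077:  # any group/other bit set; ssh itself refuses such keys
            findings.append((path.name, f"mode {mode:o} is accessible beyond the owner"))
        if cipher == "none" and path.name in require_passphrase:
            findings.append((path.name, "no passphrase set"))
    return findings


def sample_key(cipher):
    """Constructed input: container header only, not a usable key."""
    name = cipher.encode()
    blob = MAGIC + struct.pack(">I", len(name)) + name
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Call audit_keys("deploy/keys") from the repository root, for example as a pre-deploy step; an empty list means both checks passed.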

File Structure

deploy/keys/
├── README.md                    # This file
├── production_key              # Production SSH private key (gitignored)
├── production_key.pub          # Production SSH public key (gitignored)
├── staging_key                 # Staging SSH private key (gitignored)
└── staging_key.pub            # Staging SSH public key (gitignored)

Environment Variables

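For additional security, you can also use environment variables. The passphrase value below is a placeholder: populate it from a secret store or a CI secret variable rather than typing the literal into a shell, where it would be recorded in the shell history: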

export CALEJO_DEPLOY_KEY_PATH="deploy/keys/production_key"
export CALEJO_DEPLOY_PASSPHRASE="your-passphrase"