// Using Deploy keys on GitHub

Using Deploy keys on GitHub

As you build out your network automation workflow, you will need to access remote git repositories programmatically. It is highly recommended that you use Deploy Keys instead of Personal Access Tokens (PAT) to do so. This allows you to create credentials per repository, which limits your exposure if the keys were to get compromised. 

Follow the instructions below to generate and use deploy keys. If you are looking for some resources that go into greater detail, you can try these:

Deploy Keys are just SSH keys, so you follow the same steps you use to generate your normal user SSH keys.

ssh-keygen -t rsa -b 4096 -C user@email_domain.com

You will encounter a few prompts. The first one is to name the new key you have created. Pick a name that makes it obvious to everyone where and how this key will be used.

Enter file in which to save the key (/Users/saparikh/.ssh/id_rsa): key-test
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

NOTE: Do not set a passphrase, just hit Enter at the prompt

Now you are ready to add this key to the GitHub repository. The steps to add a key are simple. Go to the Settings -> Deploy keys -> Add Key


Add Deploy Key to Github repositorySet the Title to the key-name you entered when generating the key, which in our example was key-test. On your computer get the content of the public key file for this key by running

cat key-test.pub

Copy this and paste it into the Key field on the page. If this key will be used to make updates to the repository, make sure you check the box Allow write access. By default, deploy keys only have read access to a repository.

That’s it. Now you can use this deploy key to programmatically interact with the repository in GitHub.

See What's Possible

Pre-deployment validation of your network’s security, reliability and compliance policies, fully-automated with Batfish.

Request Your Demo