May 22, 2020
Feature spotlight: SSH Keys
SSH keys remain one of the most secure authorization methods. The keys are generated in pairs. The first one is the public key, which is installed on the server. The second one is the private key, which is used to authenticate on that server. SSH keys are generated using cryptographic algorithms such as RSA, DSA or ECDSA, which makes breaking them with brute-force attacks practically impossible.
The high level of security they provide also makes them the most popular method of authorization in CI/CD processes. They are used, among others, for:
- Authorization in Git repositories
- Authorization during dependency download
- Authorization while downloading submodules
- Authorization during remote command execution on the server (DB migration scripts, application restart, etc.)
- Authorization during file upload to the server (Rsync, SFTP, SCP)
Since we launched in late 2016, Buddy has fully supported SSH keys. In the last release, we expanded what you can do with them, based on numerous requests from our users (thank you for that!).
Every project has a unique SSH key called Buddy key that can be used for authorization in submodules. Until now, the Buddy key was the only method of submodule authorization. However, it was problematic for users who run several projects with the same submodule, as each project had to be authorized separately with its unique key.
This is why we've added 2 new authorization methods:
- Buddy Workspace Key
- Custom SSH key defined with ENV VARs
These methods make submodule authorization a one-time process that doesn't have to be reproduced across every single project.
Authorization in SSH action and upload actions (Rsync and SFTP)
If you use the same deployment server for multiple projects, it is also convenient to use one key for server authorization. Right now, in the SSH, SFTP and Rsync actions you can use:
- Buddy Project Key
- Buddy Workspace Key (new)
- Custom SSH key defined with ENV VARs
- You can also define your own key at the action level
SSH key identification
You can define SSH keys as environment variables. For security reasons, many people use different keys for different servers. However, this approach means a large number of keys, which makes them difficult to manage. A while ago we added an option to add descriptions for SSH keys. Now, you can preview the public version of the key as well as its fingerprint. These values allow you to determine what key this is in an unambiguous way.
The values are visible on the actions view and on the keys edit screen.
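Why a fingerprint identifies a key regardless of its description, shown as an added example that is not Buddy's own code: the fingerprint is computed from the public key blob only, so two variables holding the same key under different comments resolve to the same value. The variable names and key material below are constructed for illustration.

```python
import base64
import hashlib


def _string(data):  # SSH wire-format string: uint32 length, then the bytes
    return len(data).to_bytes(4, "big") + data


def parse_public_key(line):
    """Return (key_type, blob, comment) from '<type> <base64> [comment]'."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, body, comment = (parts + [""])[:3]
    try:
        blob = base64.b64decode(body, validate=True)
    except ValueError as exc:
        raise ValueError("key body is not valid base64") from exc
    # The blob repeats the key type; a mismatch means a damaged or edited line.
    if not blob.startswith(_string(key_type.encode())):
        raise ValueError("declared key type does not match key blob")
    return key_type, blob, comment


def fingerprint(line):
    """SHA256 fingerprint: unpadded base64 of the hash of the key blob."""
    digest = hashlib.sha256(parse_public_key(line)[1]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_key(wanted, candidates):
    """Sorted names of candidate keys whose fingerprint equals `wanted`."""
    return sorted(n for n, k in candidates.items() if fingerprint(k) == wanted)


def _sample(fill, comment):
    # Constructed ed25519 public key (fixed byte pattern, not a real credential).
    blob = _string(b"ssh-ed25519") + _string(bytes([fill]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


KEYS = {  # hypothetical variable names; the first and last hold the same key
    "DEPLOY_KEY_WEB": _sample(0x11, "deploy@web"),
    "DEPLOY_KEY_DB": _sample(0x22, "deploy@db"),
    "SUBMODULE_KEY": _sample(0x11, "renamed copy of the web key"),
}

if __name__ == "__main__":
    print({name: fingerprint(key) for name, key in KEYS.items()})
```

The same comparison works against a server's `authorized_keys` entries, which is how a duplicated or forgotten key can be traced back to the variable that holds it.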