SSH keys remain one of the most secure authorization methods. The keys are generated in pairs. The first one is the public key, which is installed on the server. The second one is the private key, which is used to authenticate on that server. SSH keys are generated using cryptographic algorithms such as RSA, DSA or ECDSA, which makes breaking them with brute-force attacks practically impossible.

SSH keys are most commonly used for authentication on SSH servers to excecute remote commands or to upload files. They are also used for authorization when connecting to Git repositories (git clone, git pull, git push).

The high level of security they provide makes them also the most popular method of authorization in CI/CD processes. They are used, among others, for:

  • Authorization in Git repositories
  • Authorization during dependency download
  • Authorization while downloading submodules
  • Authorization during remote command execution on the server (DB migration scripts, application restart, etc.)
  • Authorization during file upload to the server (Rsync, SFTP, SCP)

Since we launched in late 2016, Buddy has fully supported SSH keys. In the last release, we expanded their possibilities to include numerous requests from our users (thank you for that!).

Submodule authorization

Every project has a unique SSH key called Buddy key that can be used for authorization in submodules. Until now, the Buddy key was the only method of submodule authorization. However, it was problematic for users who run several projects with the same submodule, as each project had to be authorized separately with its unique key.

This is why we've added 2 new authorization methods:

  • Buddy Workspace Key
  • Custom SSH key defined with ENV VARs

    These methods makes submodule authorization a one-time process that doesn't have to be reproduced across every single project.

Authorization in SSH action and upload actions (Rsync and SFTP)

If you use the same deployment server for multiple projects, it is also convenient to use one key for server authorization. Right now, in the SSH, SFTP and Rsync actions you can use:

  • Buddy Project Key
  • Buddy Workspace Key (new)
  • Custom SSH key defined with ENV VARs
  • You can also define your own key at the action level

SSH key identification

You can define SSH keys as environment variables. For security reasons, many people use different keys for different servers. However, this approach implicates a large number of keys which makes the keys difficult to manage. A while ago we added an option to add descriptions for SSH keys. Now, you can preview the public version of the key as well as its fingerprint. These values allow you to determine what key this is in an unambiguous way.

The values are visible on the actions view and on the keys edit screen:

Read more on file variables, a new feature that we added 4 weeks ago.

Buddy is 100% customer-driven. If there’s a feature or integration you miss, let us know in the comments below or directly at support@buddy.works.