Using Multiple GitHub Deploy Keys Safely in Production
Deploy keys are powerful — and dangerous if misused.
This guide explains how to use multiple deploy keys safely without breaking security boundaries.
What deploy keys are (quick recap)
Deploy keys allow:
- A server to pull from a private repo
- Without exposing user credentials
They are repository-scoped, not account-scoped.
Why you should use multiple deploy keys
Different servers have different trust levels:
- production
- staging
- backup
One leaked key should not expose everything.
Correct pattern
Server A → Key A → Repo
Server B → Key B → Repo
Each server gets:
- its own SSH key
- read-only access
How to manage multiple keys
On each server:
ssh-keygen -t ed25519 -f ~/.ssh/repo_key
On GitHub:
- Add each public key as a deploy key
- Label clearly: prod-server, staging-server
Never do this
❌ Reuse personal SSH keys
❌ Share one deploy key across servers
❌ Give write access unless required
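The rules above can be checked against what is actually registered on a repository. The following is an added example, not code from the original post: it audits deploy-key records in the shape GitHub's REST API returns for `GET /repos/{owner}/{repo}/keys`. The sample records, the `backup-server` label, the expected-server list and the function name are constructed for illustration.

```python
import json

# Constructed sample in the shape of GitHub's deploy-key list response
# (fields used: id, title, key, read_only). Key material is placeholder text.
SAMPLE_KEYS = json.loads("""
[
  {"id": 1, "title": "prod-server", "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexampleprod", "read_only": true},
  {"id": 2, "title": "staging-server", "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexamplestaging", "read_only": false},
  {"id": 3, "title": "deploy", "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample", "read_only": true},
  {"id": 4, "title": "prod-server", "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexampleold", "read_only": true}
]
""")

# Assumed naming convention: one label per server that is allowed to pull.
EXPECTED_SERVERS = {"prod-server", "staging-server", "backup-server"}


def audit_deploy_keys(keys, expected_servers=EXPECTED_SERVERS):
    """Return sorted (key_id, finding) tuples for keys that break the rules."""
    findings = []
    seen_labels = {}
    for k in keys:
        kid, title = k["id"], k.get("title", "").strip()
        # Rule: read-only unless write access is really required.
        if not k.get("read_only", False):
            findings.append((kid, "write access enabled"))
        # Rule: the label must name the server that holds the private key.
        if title not in expected_servers:
            findings.append((kid, f"label {title!r} does not name a known server"))
        elif title in seen_labels:
            # Two keys for one server usually means a stale key was never removed.
            findings.append((kid, f"duplicate label, also used by key {seen_labels[title]}"))
        else:
            seen_labels[title] = kid
        # The guide generates ed25519 keys; flag anything else for review.
        key_type = k.get("key", "").split(" ", 1)[0]
        if key_type != "ssh-ed25519":
            findings.append((kid, f"key type {key_type or 'unknown'} is not ed25519"))
    return sorted(findings)


if __name__ == "__main__":
    for kid, finding in audit_deploy_keys(SAMPLE_KEYS):
        print(f"key {kid}: {finding}")
```

A private key copied onto several servers still shows up as a single record here, so this audit complements per-server key generation rather than replacing it.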
SSH config makes this clean
Host github.com
    IdentityFile ~/.ssh/repo_key
    # Offer only this key, never other keys loaded in ssh-agent
    IdentitiesOnly yes
No flags. No mistakes.
Final thought
Deploy keys are server identities.
Treat them like credentials — not shortcuts.