Incorporating SSH keys are an easy way to add a layer of security to your development and delivery processes. Once set up, SSH keys allow for password-less login, and are more secure than traditional authentication. Because SSH keys are longer and more complex than most passwords, they are much harder to crack through brute force attacks. Additionally, users can easily manage and revoke access by adding or removing public keys from the server, without needing to change passwords.
To streamline the authentication process with SSH keys, FlexDeploy will now support storing and managing private keys for SSH connections, similar to how password credentials are handled. This functionality is especially useful for connecting to Endpoints and can also be utilized for authenticating with GIT repositories.
Credential Types
When configuring credentials, you’ll find a new option for the type of credential to be stored. The types available in FlexDeploy 9.0 will include: Secret Text, SSH Key, and Certificate. This blog will focus specifically on SSH Keys.
Secret Text
Secret Text credentials allow for the input of encrypted text, commonly associated with passwords. This has been the standard credential type we have supported in the past.
SSH Key
SSH Key credentials support uploading a private key file along with an optional passphrase. These keys are used for connecting to Endpoints and authenticating with GIT repositories. Additionally, you can download a public key generated from the uploaded private key.
Certificate
Certificate credentials enable the upload of a certificate file, with an optional password. These can be utilized for authenticating SMTP/IMAP accounts within Email Settings.
Uploading the Private Key
When setting up SSH Key credentials, you’ll find two input fields. The first field, SSH Key, allows you to upload your private key, which will be stored in an encrypted format. You can select any private key from your local file system. To the right of the file upload is a button that lets you download the corresponding public key. The second field, Passphrase, is optional and is used to decrypt the private key when accessed.
This feature enables you to generate a private key on your local machine and upload it as a credential within FlexDeploy. Previously, you needed access to the internal file system on the FlexDeploy host to generate a key pair. Now, the process of generating a private key and uploading the corresponding public key to any Endpoint or GIT account is significantly simplified.
Connecting to Endpoints
Before FlexDeploy 9.0, the only option for Endpoint authentication was to select paths to private keys stored on the FlexDeploy server’s file system. Now, you can easily choose the SSH Key Credential you have created. There is also an option to download the public key for easy upload to the Endpoint.
Connecting to GIT Repositories
As mentioned earlier, these credentials are not limited to connecting to Endpoints; they can also be used to authenticate with GIT repositories. When using an SSH URL, you can select the credential containing the private key. Clicking on the pencil icon will open a popup where you can download the public key and add it to your GIT account.
That’s All For Now
SSH keys offer a more secure, efficient, and user-friendly method of authentication compared to traditional passwords. FlexDeploy 9.0 will simplify SSH key management. Users will be able to upload private keys directly, reuse them within the platform, and download the corresponding public keys. This is just the first step, with plans to expand SSH key credential features in future releases.
