SSH Key Management

See SSH Configuration for details on how to authenticate to Solano CI using SSH.

Solano CI uses several classes of SSH keys:

User public key

The first class of key is a user’s SSH public key. This key is used in two situations: A) during solano run this key authenticates a user’s git pushes, which requires git.solanolabs.com to authenticate the user, and B) when accessing the debug console an SSH connection is made via the key to authenticate the user.

Users can set this key in the web UI by opening the dropdown menu in the upper-right corner of the Dashboard and selecting “User Settings” and then opening the “SSH Key” tab. Alternatively, the solano keys command will list the fingerprints for the key and allow you to generate, authorize, and deauthorize keys.

Repository public key

Note

This key is being phased out. Soon Solano CI will only use the User public key and the Solano worker identity key.

The second class of key is a Solano-produced key and serves as a repository’s public key. This key is used to authorize Solano CI to pull a repo’s code for Continuous Integration and to push it for Continuous Deployment. Specifically, it fetches changes on a webhook and defines the repo in Solano to the upstream git server. Note that each repo added to Solano CI has its own individual key, so each will need to be authorized in order for Solano CI to pull and push code.

Users can find this key in the web UI by clicking on the desired repo’s gear icon from the Dashboard, then scrolling to the bottom of the subsequent page; it is listed under “Authorize this SSH public key on your git server to pull your repo.” Alternatively, the solano suite command will print the public key for the current repo. Users can set this key wherever they are hosting their repository.

Solano worker identity key

The third class of key is a Solano-produced key and serves as a Solano worker’s SSH Identity key. This key is used for authorizing Git pull of a private repo or other dependency by the Solano worker. When a Solano worker executes a test with a private dependency, it uses this key to identify itself and access that necessary code. For more information, see our detailed article. Note that each Solano Organization has its own individual key, so only Orgs with repos that feature private dependencies will need top authorize this key.

Users can find that key in the web UI by opening the dropdown menu in the upper-right corner of the Dashboard and selecting “Organizations,” then clicking “Organization Settings” for the desired Org, and finally clicking on the Worker SSH Identity” tab on the subsequent page. Alternatively, this key is displayed by the solano account command. Users can set this key in whatever SCM hosts the private dependency.