SSH Key Management¶
See SSH Configuration for details on how to authenticate to Solano CI using SSH.
Solano CI uses several classes of SSH keys:
User public key¶
The first class of key is a user’s SSH public key. This key is used in
two situations: A) during
solano run this key authenticates a user’s
git pushes, which requires git.solanolabs.com to authenticate the user,
and B) when accessing the debug console an SSH connection is made via
the key to authenticate the user.
Users can set this key in the web UI by opening the dropdown menu in
the upper-right corner of the Dashboard and selecting “User Settings”
and then opening the “SSH Key” tab. Alternatively, the
command will list the fingerprints for the key and allow you to generate,
authorize, and deauthorize keys.
Repository public key¶
This key is being phased out. Soon Solano CI will only use the User public key and the Solano worker identity key.
The second class of key is a Solano-produced key and serves as a repository’s public key. This key is used to authorize Solano CI to pull a repo’s code for Continuous Integration and to push it for Continuous Deployment. Specifically, it fetches changes on a webhook and defines the repo in Solano to the upstream git server. Note that each repo added to Solano CI has its own individual key, so each will need to be authorized in order for Solano CI to pull and push code.
Users can find this key in the web UI by clicking on the desired repo’s
gear icon from the Dashboard, then scrolling to the bottom of the
subsequent page; it is listed under “Authorize this SSH public key on
your git server to pull your repo.” Alternatively, the
command will print the public key for the current repo. Users can set
this key wherever they are hosting their repository.
Solano worker identity key¶
The third class of key is a Solano-produced key and serves as a Solano worker’s SSH Identity key. This key is used for authorizing Git pull of a private repo or other dependency by the Solano worker. When a Solano worker executes a test with a private dependency, it uses this key to identify itself and access that necessary code. For more information, see our detailed article. Note that each Solano Organization has its own individual key, so only Orgs with repos that feature private dependencies will need top authorize this key.
Users can find that key in the web UI by opening the dropdown menu in the
upper-right corner of the Dashboard and selecting “Organizations,” then
clicking “Organization Settings” for the desired Org, and finally clicking
on the Worker SSH Identity” tab on the subsequent page. Alternatively,
this key is displayed by the
solano account command. Users can set
this key in whatever SCM hosts the private dependency.