in general
ssh-keygen -t ed25519 -N "" -C "github-deploy-key" -f ./github_deploy_key_id_ed25519
if you are using the webfactory/ssh-agent action (https://github.com/webfactory/ssh-agent) to load the ssh key in the github workflow sam-pipeline.yml, then the key's comment field (-C) needs to match the SSH url of the target repo, e.g.
ssh-keygen -t ed25519 -N "" -C "git@github.com:owner/repo.git" -f ./github_deploy_key_id_ed25519
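# keep a copy of the private key exactly as generated (OpenSSH format)
cp ./github_deploy_key_id_ed25519 ./github_deploy_key_id_ed25519.openssh
# re-save the original in place, requesting PEM format, with an empty passphrase
ssh-keygen -p -f ./github_deploy_key_id_ed25519 -m pem -N ""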
- generate a new SSH key pair
- spec = ED25519
- on a linux machine, from the terminal
ssh-keygen -t ed25519 -N "" -C "github-deploy-key" -f ./github_deploy_key_id_ed25519
Generating public/private ed25519 key pair.
Your identification has been saved in ./github_deploy_key_id_ed25519
Your public key has been saved in ./github_deploy_key_id_ed25519.pub
The key fingerprint is:
SHA256:??? github-deploy-key
The key's randomart image is:
+--[ED25519 256]--+
???
+----[SHA256]-----+
this generates
- private key = github_deploy_key_id_ed25519
- public key = github_deploy_key_id_ed25519.pub
- print the contents of the key files to stdout, copy, and store securely for future manual retrieval
echo
echo "PRIVATE KEY"
cat github_deploy_key_id_ed25519
echo
echo "PUBLIC KEY"
cat github_deploy_key_id_ed25519.pub
echo
- in the LIBRARY github repo, add the new PUBLIC key as a deploy key
from the library github repo home page, go to
Settings > Deploy Keys > Add deploy key
then paste in the contents of the PUBLIC KEY file, and name the key
- in the consuming github repo, add the new PRIVATE key as a secret
Settings > Secrets and Variables > Actions > Repository Secrets > New repository secret
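
A pre-flight check to run before the two upload steps above, as an added example that is not part of the original notes: it confirms the public key is ed25519, that its comment equals the target repo's SSH url (the webfactory/ssh-agent case), and that the private key file is not accessible to group or other. The function name check_deploy_key and its return codes are assumptions made for this example.

```shell
# Added example (not from the original notes): pre-flight check on a deploy
# key pair before the public half is uploaded and the private half is stored
# as a secret. check_deploy_key and its return codes are hypothetical names.
# Usage: check_deploy_key <private-key-file> <owner/repo>
check_deploy_key() {
    dk_priv="$1"
    dk_pub="$1.pub"
    dk_want="git@github.com:$2.git"

    if [ ! -f "$dk_priv" ] || [ ! -f "$dk_pub" ]; then
        echo "missing $dk_priv or $dk_pub" >&2
        return 2
    fi

    # A public key file is one line: <type> <base64 blob> <comment>
    dk_type="" dk_blob="" dk_comment=""
    read -r dk_type dk_blob dk_comment < "$dk_pub" || true

    # The blob of an ed25519 key starts with the length-prefixed string
    # "ssh-ed25519", which always base64-encodes to this prefix.
    case "$dk_type:$dk_blob" in
        ssh-ed25519:AAAAC3NzaC1lZDI1NTE5*) ;;
        *) echo "$dk_pub is not an ed25519 public key" >&2; return 3 ;;
    esac

    # The comment must equal the SSH url of the target repo.
    if [ "$dk_comment" != "$dk_want" ]; then
        echo "comment is '$dk_comment', expected '$dk_want'" >&2
        return 4
    fi

    # The private key must not be accessible to group or other
    # (characters 5-10 of the ls mode string are the group/other bits).
    dk_mode=$(ls -ld "$dk_priv" | cut -c5-10)
    if [ "$dk_mode" != "------" ]; then
        echo "$dk_priv is accessible to group/other; run chmod 600" >&2
        return 5
    fi

    echo "ok: $dk_pub matches $dk_want"
}
```

Call it as check_deploy_key ./github_deploy_key_id_ed25519 owner/repo; a key generated with the generic github-deploy-key comment returns 4.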