Best Practices for Rotating User SSH keys and Additional SSH keys

What is a User Key vs an additional SSH key?

User keys are user-specific SSH keys authorized at the project level and stored on both CircleCI and the VCS provider, for example at https://github.com/settings/keys. Additional SSH keys are SSH keys that you've added in addition to the User and Deploy keys for that repo. This would likely be an SSH key that you're configuring for a separate checkout of a private repo. Be sure to use github.com as the Hostname (not simply GitHub, etc.).

How do I know which is the authorized user key?

Once a key is authorized under the "User Key" section of Project SSH Key Settings, its fingerprint is shown in the UI.
In GitHub user settings, these keys are listed in the format CircleCI: <username>/<project name>


As a best practice, remove the key from every place it exists: delete the source key listed under GitHub settings completely, delete the copy saved on the CircleCI side, and remove the SSH key from your local ~/.ssh directory. Also update ~/.ssh/config as described in the GitHub documentation.
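One way to check the local part of that cleanup, as an added example that is not CircleCI's own tooling: given the fingerprint of the key being rotated, it lists matching keys in an SSH directory and the config lines that still point at them. It assumes the fingerprint is in either the colon-separated MD5 form or the SHA256: form; the function names and the sample keys are constructed for illustration.

```python
import base64, hashlib, re, struct, tempfile
from pathlib import Path

def fingerprints(pub_line):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of an OpenSSH public key line."""
    blob = base64.b64decode(pub_line.split()[1], validate=True)
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def normalize(fp):
    """Strip an 'MD5:' prefix and lowercase hex; SHA256 base64 is case-sensitive."""
    fp = fp.strip()
    fp = fp[4:] if fp.upper().startswith("MD5:") else fp
    return fp if fp.startswith("SHA256:") else fp.lower()

def find_local_copies(ssh_dir, rotated_fp):
    """Return (private key paths, config lines) that still reference the rotated key."""
    ssh_dir, target = Path(ssh_dir), normalize(rotated_fp)
    keys = []
    for pub in sorted(ssh_dir.glob("*.pub")):
        try:
            if target in fingerprints(pub.read_text()):
                keys.append(pub.with_suffix(""))
        except (IndexError, ValueError):  # not a public key line; skip it
            continue
    names, stale = {k.name for k in keys}, []
    config = ssh_dir / "config"
    if config.exists():
        for n, line in enumerate(config.read_text().splitlines(), 1):
            # Simplification: plain "IdentityFile <path>" lines, matched by file name
            m = re.match(r"\s*IdentityFile\s+(\S+)", line, re.I)
            if m and Path(m.group(1)).name in names:
                stale.append((n, line.strip()))
    return keys, stale

def make_sample_dir():
    """Constructed sample: two fake ed25519 public keys plus a config, in a temp dir."""
    d = Path(tempfile.mkdtemp())
    for name, fill in (("id_circleci", 0x11), ("id_personal", 0x22)):
        t = b"ssh-ed25519"
        blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes([fill]) * 32
        (d / f"{name}.pub").write_text(f"ssh-ed25519 {base64.b64encode(blob).decode()} constructed\n")
    (d / "config").write_text("Host github.com\n  IdentityFile ~/.ssh/id_circleci\n")
    return d

if __name__ == "__main__":
    d = make_sample_dir()
    print(find_local_copies(d, fingerprints((d / "id_circleci.pub").read_text())[0]))
```

Point `find_local_copies` at your real `~/.ssh` directory with the fingerprint of the rotated key; an empty result for both lists means no local copy or config reference remains.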

 

 

Related feature requests/work in progress:

We will be adding the ability to view the SHA-256 hash via the API. For more information on the release, reach out to CircleCI Support.

Please do vote on additional related feature requests in our Ideas portal such as:
Add the ability to log and capture User SSH Key creators.

Additional resources

SSH Key documentation on creating Deploy and User keys

Our security alert blog post from January 4, 2023

 
