How to generate and store read/write SSH keys

One may sometimes want to interact with a GitHub or Bitbucket repository from within a CircleCI job, either in more than a read-only capacity, or with a repository external to the one being used for the current job. Either option requires generating a new SSH key, storing the public portion in the GitHub or Bitbucket repository with which the project will be interacting, and storing the private portion in CircleCI.

With the release of macOS Mojave, the default SSH key generated by ssh-keygen is no longer the correct format for CircleCI. To generate a correctly formatted key on a computer running macOS, run the following command:

ssh-keygen -t rsa -b 4096 -m PEM

See GitHub and Bitbucket documentation for guidelines on storing SSH public keys:

To store the private key in CircleCI, visit the Project Settings/SSH Permissions page:[YOUR_VCS]/[YOUR_ORG]/[YOUR_PROJECT]/edit#ssh

Make sure to specify the hostname ( or when adding the private key.

Finally, the key will need to be added to your config.yml file:

Was this article helpful?
4 out of 16 found this helpful



Please sign in to leave a comment.