Generating a Secure SSH Key

Having a secure SSH key is super important. This allows us to authenticate to our servers using keys instead of insecure methods such as passwords.

A few things will make this key secure:

  1. The ED25519 encryption algorithm
  2. A password-protected key (if you password-protect your key, you may need to go through additional steps to configure your SSH agent)

If you want to nerd out on why we suggest this algorithm, you can read this guide.

👨‍💻 Generating a USER key (for server connection)

If you need to create an SSH key, you can run this on your local machine:

Generate a USER key

ssh-keygen -o -a 100 -t ed25519

It will create two files:

Files created

~/.ssh/id_ed25519 # ❌ This is your PRIVATE key. Keep this secret
~/.ssh/id_ed25519.pub # ✅ This is your PUBLIC key. This is the value we want to use

To get the public key value, you can run this command:

Get the public key value

cat ~/.ssh/id_ed25519.pub

This will print the public key value to your terminal. You can copy this value and use it in your .spin.yml when you configure your "users.username.authorized_ssh_keys" for your server.

🚀 Generating a DEPLOYMENT key

If you're using advanced deployments like GitHub Actions, then you will want to create a deployment key specifically for your CI/CD pipeline.

Run this on your local machine:

Generate a deployment key on your Desktop

ssh-keygen -o -a 100 -t ed25519 -f ~/Desktop/id_ed25519_deploy -C deploy

Change deploy to whatever you'd like. Since we do not want to use this key for our local connections, the command above writes it to your Desktop so you can easily find it and copy the values to your clipboard.

What to do with this key

Store this key in a secure place. You may need the private key contents during CI/CD and you'll need to set the public key value in your .spin.yml when you configure your "docker_user.authorized_ssh_keys" for your server.
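
Before a value goes into authorized_ssh_keys in .spin.yml (for the user key or the deployment key above), it can be checked offline that it is an ED25519 public key and not the private file, and the private key can be checked for a passphrase. This Python sketch is an added example, not part of Spin. Its function names and sample keys are constructed for illustration, and it assumes the OpenSSH file format that ssh-keygen writes for ed25519 keys.

```python
import base64
import hashlib

MAGIC = b"openssh-key-v1\0"  # header of ssh-keygen's private key format

def ssh_string(data):
    """Encode bytes as an SSH wire string: uint32 length + data."""
    return len(data).to_bytes(4, "big") + data

def read_string(buf, off):
    """Decode one SSH wire string at off; return (data, next offset)."""
    n = int.from_bytes(buf[off:off + 4], "big")
    if off + 4 + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def check_public_key(line):
    """Validate an id_ed25519.pub line; return its SHA256 fingerprint."""
    if "PRIVATE KEY" in line:
        raise ValueError("this is the PRIVATE key; use the .pub file")
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-ed25519":
        raise ValueError("not an ssh-ed25519 public key line")
    blob = base64.b64decode(fields[1], validate=True)
    ktype, off = read_string(blob, 0)
    key, off = read_string(blob, off)
    if ktype != b"ssh-ed25519" or len(key) != 32 or off != len(blob):
        raise ValueError("blob is not a well-formed Ed25519 key")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + digest.rstrip("=")  # same form as ssh-keygen -l

def private_key_cipher(text):
    """Return the cipher of an OpenSSH private key; 'none' = no passphrase."""
    body = "".join(ln for ln in text.splitlines() if not ln.startswith("-----"))
    raw = base64.b64decode(body)
    if not raw.startswith(MAGIC):
        raise ValueError("not an OpenSSH-format private key")
    return read_string(raw, len(MAGIC))[0].decode()

# Constructed sample inputs (not real keys).
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " deploy"

def sample_private(cipher):
    """Build only the header of a private key file, enough for the check."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    raw = MAGIC + ssh_string(cipher) + ssh_string(kdf)
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"
```

The fingerprint returned by check_public_key can be compared with the one ssh-keygen -lf prints for the same .pub file before the value is committed to .spin.yml.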