• Posts
  • RSS
  • ◂◂RSS
  • Contact

  • Multiple Deploy-Key Repos

    November 3rd, 2022
    tech
    Let's say you want to give a machine access to one of your repos but not all of them. This is a reasonable thing to want, and so GitHub offers deploy keys. But what if you want to give it access to two repos?

    The natural thing to try would be to add the same public key to your second repo, but GitHub rejects this:

    Error: Key is already in use
    

    I think this error is because they don't want you to get into a situation where multiple machines are using the same key. If that happened and you needed to revoke one machine's access, you'd be stuck. In this case, however, we only have one machine and we're trying to use the same key for two repos. I don't see any issues with that setup, and while maybe I'm not being imaginative enough I think GitHub should probably be checking for duplicate deploy keys on a per-repo basis instead of globally?

    Still, what can we do with GitHub as it is? Generate more keys and use aliases!

    I'm going to walk through this assuming you're starting from scratch trying to check out both github.com/you/repo1 and github.com/you/repo2. If you already have repo1 working and don't mind having the two repos configured differently, just follow the repo2 steps.

    First, generate a ssh key for each repo:

    $ ssh-keygen -t ed25519 -C "machineName-repo1"
    Enter file in which to save the key: /home/you/.ssh/id_ed25519.repo1
    ...
    
    $ ssh-keygen -t ed25519 -C "machineName-repo2"
    Enter file in which to save the key: /home/you/.ssh/id_ed25519.repo2
    ...
    

    Then visit github.com/you/repo1/settings/keys and github.com/you/repo1/settings/keys and paste the contents of ~/.ssh/id_ed25519.repo1 and ~/.ssh/id_ed25519.repo2 respectively.

    At this point you've created the keys and told GitHub to respect them, but you haven't told ssh on your machine when to use which key. You do that in ~/.ssh/config:

    Host github-repo1
         HostName github.com
         User git
         IdentityFile ~/.ssh/id_ed25519.repo1
         IdentitiesOnly yes
    
    Host github-repo2
         HostName github.com
         User git
         IdentityFile ~/.ssh/id_ed25519.repo1
         IdentitiesOnly yes
    

    Anyway, now you can check out your repos:

    $ git clone github-repo1:you/repo1.git
    $ git clone github-repo2:you/repo2.git
    

    The reason this works is that git, like anything else that uses ssh, doesn't actually interpret the host name or set up the connection. It just asks ssh "please connect me to github-repo1" and ssh will use aliases as part of figuring out how to do that. This also means that almost any time you might have used GIT_SSH_COMMAND, or otherwise passed arguments to ssh, an alias is a better choice.

    If you'd already checked out your repo, however, instead of checking it out again you just change where origin points:

    $ cd repo1
    $ git remote set-url origin github-repo1:you/repo1.git
    

    And the same for repo2.

    Comment via: facebook, lesswrong

    Recent posts on blogs I like:

    Be less scared of overconfidence

    deferring to markets • deferring to experts • deferring to low-information heuristics • why they fail • blindness to outliers • what to do instead

    via benkuhn.net November 30, 2022

    Corncob Dolls

    I went to a farm and at the farm I got to see a corncrib and the corn that had fell out of the corncrib that no one wanted I got to use my fingers to take off the corn kernels and once the cobs were empty I put them in a bag and then once I got back to the…

    via Anna Wise's Blog Posts November 7, 2022

    Light Switch

    When I got my loft bed it was just so annoying every morning to have to get out of bed, climb down the ladder, turn the light on, and climb back up, just so I could see stuff. I decided to make a string for my light switch because I really wanted to be abl…

    via Lily Wise's Blog Posts November 7, 2022

    more     (via openring)


  • Posts
  • RSS
  • ◂◂RSS
  • Contact