Deploying Your Web App Using a Deploy Key

Are you happy with the way your apps are deployed right now? Are you, by any chance, using scp or an ftp client to bring your projects to your server once it’s time to update or redeploy your web app? Can your server access all your repositories, with too many permissions? That shouldn’t be the case, and it’s fixable.

Here’s the most basic workflow to deploy your web app to a server. It’s an acceptable and proven way, which you can start using without much overhead.

First of all - you are not self-hosting your Git repositories, are you? There are almost no reason to do that, really. Admittedly, gitolite is easy to setup and use, but having your code in a place which is very hard to compromise, will be almost-guaranteed to be available and where you can start collaborating with other developers without reinventing the wheel. Give Bitbucket a good look. There’s a free plan including unlimited private repos, and you can use all kinds of great features, like two-factor authentication to keep your work safe. Even more convenient: you can setup a deploy key for each project.

Deploy Keys

A deploy key, is just an SSH public key, which can be used to access a Git repository with read-only permissions. As the name suggests, it’s best suited to deploy a project, as it only needs to be pulled from a remote place, where it is subsequently brought online.

Getting Started

If there is no ~/.ssh/id_rsa.pub file on your server, generate an ssh key on your server. Use the following command

$ ssh-keygen

and make sure to provide a password which you don’t mind typing every once in a while.

Copy the content of the ~/.ssh/id_rsa.pub file, and navigate to your Bitbucket project in a browser. Navigate to Settings on the left when in the repository of your choice and Access keys in the new menu. Add a key with a name of your choice (good to identify the server and environment), and paste the content of the ~/.ssh/id_rsa.pub of your deployment server.

Once this key is in place, you can access the repository from your server.

Server Workflow

With the deploy key, you can access your project in the usual Git-tastic manner. Simply git clone it on your server, setup your deployment stuff, and you’re good to go.

Once there’s an update, you can git pull the changes, and redeploy the web app. If there’s an issue you can use Git’s magic to jump back to an older commit and make sure you app is up, while you go back to fixing the bugs. Unlike the copy-approach, it’s reliant to have everything you need, faster and cleaner to work with.

Of course, this is just the first step of fixing your deployment workflow, and there are many more easy wins which you can implement to save time, effort and do better in general. Happy deploying!