Per-Project/Per-Group SSH-Key
Proposal
Make it possible to bind/limit SSH-Keys to Projects/Groups
Use Case
I am working on a project where I set up a Windows VM via Packer/Vagrant/Ansible. On this machine I write/test Dockerfiles that need to be checked into the same repository. I cannot use HTTPS with a password for Git because we have 2FA enabled for our GitLab. So far I've come up with the following ideas/solutions:
1. Generate a project-specific SSH key pair and add it to the project as a deploy key. I could then check the private key into the repository (you need access to the repository to retrieve the key and with the key you can only (?) access the repository). This works but, well, it's not ideal (private key in repo, shared key for all developers). Also, the deploy key shows up in every other project.
2. Every developer needs to generate their own SSH key and copy it to some directory in the project which is ignored. Every developer can add the public key as a deploy key. This solves the problem of having a shared key, but now there are lots of deploy keys in the project.
3. Every developer copies his personal SSH key to the same (ignored) directory as in option 2. Now the access is not limited to the project.
I think everything above also applies to "Personal Access Tokens".