Deployment keys are SSH keys that are not tied to a particular user account. They authenticate a server so that it can download code from GitHub for deployment.
For example, if code is pushed to the server that contains links to private submodules on GitHub, then the post-receive hook will try to download and update that code. It’s not appropriate to put a particular user’s keys on the server, so a separate deployment key is created instead.
Deployment keys can be created in the usual way, with the “ssh-keygen” command. The key should be password-less (created with an empty passphrase) so that updates on the server do not have to be performed manually. The idea is that updating the code in the repos, and pulling any associated code from submodules, happens as quickly as possible to reduce downtime.
The private key should be added to the SSH configuration on the server and associated with the GitHub host. The public key should also be kept on the server for safe-keeping, and it needs to be added to any GitHub repos that deploy in this fashion: under the “Admin” page for a particular repo, there is a tab called “Deploy Keys”.
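The steps above as a shell function, added here as an example and not taken from the original page. The function name `setup_deploy_key`, the ed25519 key type and the key file name are assumptions made for illustration.

```shell
# setup_deploy_key <ssh_dir> <name>
# Creates a passphrase-less deploy key, ties it to github.com in <ssh_dir>/config,
# and prints the public key to paste into the repo's "Deploy Keys" tab.
setup_deploy_key() {
    ssh_dir=$1
    name=$2
    key="$ssh_dir/${name}_deploy_ed25519"   # hypothetical file name
    conf="$ssh_dir/config"

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1

    # Never overwrite a key that may already be registered on GitHub.
    if [ -e "$key" ]; then
        echo "key already exists: $key" >&2
        return 1
    fi
    # A second github.com stanza would be ambiguous; stop and let the admin decide.
    if [ -f "$conf" ] && grep -Eq '^[[:space:]]*Host[[:space:]]+github\.com([[:space:]]|$)' "$conf"; then
        echo "github.com is already configured in $conf" >&2
        return 1
    fi

    # -N "" gives an empty passphrase so the post-receive hook can run unattended.
    ssh-keygen -q -t ed25519 -N "" -C "deploy@$(uname -n)" -f "$key" || return 1

    # With no passphrase, file permissions are the only protection for the key.
    chmod 600 "$key"

    # IdentitiesOnly stops ssh from offering any other key (for example from an agent).
    cat >> "$conf" <<EOF

Host github.com
    User git
    IdentityFile $key
    IdentitiesOnly yes
EOF
    chmod 600 "$conf"

    cat "$key.pub"
}

# Example call (run as the account that owns the post-receive hook):
#   setup_deploy_key "$HOME/.ssh" myserver
```

Because the private key is stored unencrypted, leave "Allow write access" unchecked when adding the public key on GitHub unless the server really has to push.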
Deployment keys are transient. If there is an issue with the server, the old keys can be removed from the server and the GitHub repos and new ones generated.