Solution for mass-assigning deploy keys

Dev: https://dev.gitlab.org/gitlab/gitlabhq/issues/2231

Haydn

From customer: Our situation is that we have projects divided into multiple repositories (because they are kindof modularized), and adding deploy keys one-by-one to all the projects kindof sucks. Would be nice to have "team deploy keys", "group deploy keys", or so. Or at least a nice interface for mass-assigning deploy keys to a multitude of projects by administrator - clicking through all the projects kindof sucks now. We are employing a workaround with "dummy" team member added everywhere as a "Reporter", but that is a bit weird for some purposes.

Sytse

Group deploy keys make sense to me.

Dmitriy

We can start from groups page where we can add/remove deploy keys for all projects in group. Something similar to what we did with milestones

@Haydn @sytses @dzaporozhets

Added feature proposal in GitLab FOSS and removed ~128370 labels

In our company we have a similar issue and it would be nice to be able to at least at a deploy key to a group. Another problem is updating a deploy key for an existing entry, I don't want to delete the old key and adding the new key on every project. I also like the idea to have something like a deploy key team (group of deploy keys) which would solve the problem too, since exchanging a key is be much easier that way. Our current workaround is to share the private key among our buildservers where we have the same user on each machine.

Up.

Same here. We love how the webhooks can be done for a group - please do it for deploy keys as well!

@JobV @regisF This feature has 15 likes. Perhaps worth assigning?

also it would be good to be able to assign an deploy key to a group. then it would be valid for all projects in this group. also renaming of a deploy key should be possible see https://gitlab.com/gitlab-org/gitlab-ce/issues/3191

added ~480950 label

Bump. We could really use this at my company.

This would be really useful.

+1 from me. We badly need that as well.

At the moment, the deployment keys created for a new project needs to be added to all submodules manually. This sucks and is hard to automate as there is no information about which submodules will be used by the project at project creation time. Being able to assign group deployment keys would be the perfect solution: we would create a new group for all our modules and add automatically deployment keys at creation time of new projects to this group.

@mydigitalself This proposal has gained some interest

I also find it useful to be able to add deploy key to particular group of projects.

+1 We absolutely need this functionality as well.

We have over 200 projects and over 50 deploy keys to manage When adding a new deploy key, we would have to add the key to many projects.... takes hours.
And when we would add a new project, we would have to add that project to many deploy keys... same problem.

We've since stopped using deploy keys and have just created users (which can be assigned to groups) instead of deploy keys and it works well for our workflow

But now... we want to upgrade to Enterprise and can't do it because we have 50+ fake users that we'd have to pay for. Giving the ability for deploy keys to be assigned to groups would solve the problem and allow us to upgrade to Enterprise cost effectively

changed milestone to %Next 3-6 months in gitlab-foss

+1 for this feature. I would a killer feature to us !

Today we have open-sourced GitLabForm, a configuration-as-code tool for GitLab, which provides setting deploy keys for groups of projects.

Please give it a try: https://github.com/egnyte/gitlabform

It may be a little rough around the edges but we have used it internally for half a year now and think that it's so useful that we should share it. Enjoy!

@gdubicki Awesome, thanks for sharing!

A workaround is to create a user with user ssh-key, then add this user as reporter to the project.

This works, but this could lead to an issue as I think GitLab has a mechanism that locks users when they did not login for some time. at least when authenticating with credentials from cli I ran in this issue. Don't know if it applies for sshkeys too.

This is possible for the CE version. In the EE versions you would need to pay for that user.

Running into this same need at my company. A deploy key for a team or a group would work. I like the team approach more since it allows spanning groups.

This may be useful: https://docs.gitlab.com/ce/api/deploy_key_multiple_projects.html

@toub: true, might be helpful. But doesn't solve the problem to automatically grant deploy permissions to possible future projects inside a group/team.

A workaround/solution for some use-cases could be to be able to assign deploy keys to groups (so new project of groups are automatically granted).

Ran into this exact same problem last year, worked my tail off to add the deploy key in all the repositories.

Now, we have added a new server, I need to do the same thing again. ahhhhh....

You can set this new key with https://github.com/egnyte/gitlabform with ~15 lines of config and by running one command, @nomadme . Since its v. 0.19.0 you can set deploy key to ALL projects in your gitlab instance you have access to.

@gdubicki Thanks, I was actually finish writing my bash script to deploy to all the projects that I wanted.

I will have a look.

@gdubicki Hey man! That is super awesome! Thank you for sharing it. I threw my bash script in to trash and burned it. :)

* [45/45] Completed HAHA

moved from gitlab-foss#3890 (moved)