I’m about to start a small webapp related to the upcoming ManPad. Of course, the sources of this app are securely stored in a Git repository, hosted on Bitbucket.
To make things easy, I’d like to be able to deploy the latest version of the app by simply issuing a git pull. But to make things secure, I need to be sure that compromising my server would not allow anyone to write to my Git repository.
That’s where so-called “deployment keys” come into play. Bitbucket allows us to declare read-only SSH keys for a specific repository, and it works even if the repository is private, which is a very cool option!
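One way to prepare the server side for such a key, as an added example that is not code from the original post. The host alias bitbucket-deploy, the key path ~/.ssh/id_manpad_deploy and the OWNER/REPO placeholders are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dedicated deploy key for one server (all names hypothetical).

# Create a key pair used by this server only. No passphrase, so an unattended
# "git pull" works; the read-only deployment key setting is what limits damage.
make_deploy_key() {
    key="$1"
    mkdir -p "$(dirname "$key")"
    chmod 700 "$(dirname "$key")"
    [ -f "$key" ] || ssh-keygen -q -t ed25519 -N "" -C "deploy@$(hostname)" -f "$key"
    chmod 600 "$key"
}

# Append an ssh_config stanza for a host alias that offers ONLY the deploy key.
# IdentitiesOnly stops ssh from trying other keys (default files or an agent),
# so a write-capable personal key is never used from this server by accident.
write_deploy_stanza() {
    config="$1"; alias_name="$2"; key="$3"
    if grep -q "^Host $alias_name\$" "$config" 2>/dev/null; then
        return 0    # stanza already present, keep the file unchanged
    fi
    cat >> "$config" <<EOF
Host $alias_name
    HostName bitbucket.org
    User git
    IdentityFile $key
    IdentitiesOnly yes
EOF
    chmod 600 "$config"
}

# Remote URL that routes through the alias instead of bitbucket.org directly.
deploy_remote_url() {
    printf 'git@%s:%s/%s.git\n' "$1" "$2" "$3"
}

# Run as "sh deploy-key.sh setup" on the server to perform the setup.
if [ "${1:-}" = "setup" ]; then
    key="$HOME/.ssh/id_manpad_deploy"
    make_deploy_key "$key"
    write_deploy_stanza "$HOME/.ssh/config" bitbucket-deploy "$key"
    echo "Add this public key as a deployment key on the repository:"
    cat "$key.pub"
    echo "Then: git remote set-url origin $(deploy_remote_url bitbucket-deploy OWNER REPO)"
fi
```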