Information for: DEVELOPERS   PARTNERS

Adding a public key to an Acquia profile

To connect to Acquia Cloud environments using SSH, you must have an SSH public key added to your Acquia profile. Additionally, if you have the proper role and permissions as a member of a team, you can use your public key to SSH to environments of applications that your team is assigned to. You can also use your public key to access your Acquia Cloud environments using SFTP or rsync, or your Git repository.

If you do not already have an SSH key pair, you can create a new one. Your SSH public key must be at least 4096 bits. For more information, see Generating an SSH public key.

After you have added your SSH public key to your profile, you can use it to access an Acquia Cloud environment if you meet one of the following requirements:

  • You are a member of a team that is assigned to the server’s application, and you have a role that includes the appropriate SSH permissions
  • You are either the Owner or Administrator for the application.

Acquia provides the following permissions related to SSH keys:

  • Add SSH key to Git repository
  • Add SSH key to non-Production environments
  • Add SSH key to the Production environment

If you have only the Add SSH key to git repository and Add SSH key to non-Production environments permissions, you can check code in and out of your application’s Git repository, as well as use SSH to connect to your application’s Development and Staging environments; however, you can’t connect to your application’s Production environment using SSH. To learn more about teams and permissions in Acquia Cloud see Managing users, teams, roles, and permissions.

To add a public key to your account, you can click your account page for adding SSH keys, or complete the following steps:

  1. Sign in to Acquia Cloud.

  2. In your Acquia profile, click SSH keys.

  3. On the SSH Keys page, click Add SSH Keys.

  4. Enter the SSH key Label, such as the name of the person who owns the key.

    Add SSH key image

  5. Open your SSH public key file using one of the following methods:

    • Using a text editor
      Using a text editor, open your SSH public key file and copy the contents of the file to the clipboard, ensuring that you don’t add any extra lines or spaces to the copied key.

      Note

      By default, the file name is ~/.ssh/id_dsa.pub or ~/.ssh/id_rsa.pub.

    • Using a command
      If you can neither view nor edit your public key file using a text editor, use a command like one of the following to copy the contents of the key file directly to the clipboard:

      • macOSpbcopy < ~/.ssh/id_dsa.pub
      • Linuxsudo apt-get install xclip xclip -sel clip < ~/.ssh/id_dsa.pub
      • Windows, with GitBashclip < ~/.ssh/id_dsa.pub
  6. Paste the OpenSSH-formatted key into the Public key field. OpenSSH public keys start with ssh-dss or ssh-rsa, and should appear similar to the following example:

    ssh-dss  AAAAG1bB0us3MAAACBALFF6+dpSkO6bwbJ6BCCwbGavQPqR3JSwGWW== [email protected]
    
  7. Click Add key.

    After you add a key, there can be a delay of approximately a minute before you can use the key to connect to your environments or repository.

Keys added by team members

If a member of your team adds an SSH key for you, you will receive an email with the subject line Acquia: An SSH key labeled [labelname] was added to your Acquia account. informing you that the key was added.

Using deployment keys on Acquia Cloud

Acquia Cloud does not support the use of deployment keys (machine keys) that are not associated with an individual user account. All SSH keys must be associated with a user account.

Acquia recommends that you create a new user account (in addition to the user accounts of your team members) to store the SSH keys that grant your third-party deployment systems (such as Travis, Jenkins, or Cloudbees) push access to Acquia Cloud. Assign this user account a role that includes the Deploy code, files, or databases to the production environment permission, and then add the SSH public key to the new user account’s profile.

Note

Creating a separate account for your deployment keys protects your subscription from unexpected deployment failures if an employee leaves your organization and is removed from your Acquia Cloud subscription.