The simplest way to go over this feature, is to set up a new private repository in Geoffrey. First let’s create a new project by clicking New Project. Fill the information in the same way as you would for a public repository. When you are done, click Create Project, and when the interface displays the new project you will notice a lock next to it, indicating that it is a private repository. From there, let’s click the context menu and pick Deploy key.
There you will be given an SSH key generated using Ed25519. This is a public key and their is no issue with sharing it. A public ssh key only allows connections to those who have access to the matching private key. In this case, only our server in charge of pulling the code from Github and GitLab has access to that private key – and we take extra care in using state of the art security best practices to handle the access and encryption of this key. We know how important the source code is to our customers and take it very seriously!
Now you need to tell GitHub or GitLab to use this deploy key. This is pretty straight forward, just go into your repository settings and look for “Deploy Key”. On GitHub this look like the following screen:
From there, tap Add deploy key to get to the following screen:
Do not allow write access! Geoffrey doesn’t need any write access to build your applications. Once done, and the key has been added the list of deploy keys will be updated with this new key:
Now you can start building your private repository project like any other project.
If you now go back to your private repository deploy keys settings on GitHub, you will see the key has changed to green – this is GitHub letting you know that the key is in use.
And voila! You are done. There is nothing else to do to get your application building. Enjoy building with Geoffrey and don’t hesitate contacting us if you do have any question!