REST API endpoints for deploy keys
Use the REST API to create and manage deploy keys.
About deploy keys
You can launch projects from a repository on GitHub.com to your server by using a deploy key, which is an SSH key that grants access to a single repository. GitHub attaches the public part of the key directly to your repository instead of a personal account, and the private part of the key remains on your server. For more information, see "Delivering deployments."
Deploy keys can either be set up using the following API endpoints, or by using the GitHub web interface. To learn how to set deploy keys up in the web interface, see "Managing deploy keys."
There are a few cases when a deploy key will be deleted by other activity:
- If the deploy key is created with a personal access token, deleting the personal access token will also delete the deploy key. Regenerating the personal access token will not delete the deploy key.
- If the deploy key is created with an OAuth app token, revoking the token will also delete the deploy key.
Conversely, these activities will not delete a deploy key:
- If the deploy key is created with a GitHub App user access token, revoking the token will not delete the deploy key.
- If the deploy key is created with a GitHub App installation access token, uninstalling or deleting the app will not delete the deploy key.
- If the deploy key is created with a personal access token, regenerating the personal access token will not delete the deploy key.
List deploy keys
Fine-grained access tokens for "List deploy keys"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Administration" repository permissions (read)
Parameters for "List deploy keys"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
owner string RequiredThe account owner of the repository. The name is not case sensitive. |
repo string RequiredThe name of the repository without the |
Name, Type, Description |
---|
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: |
HTTP response status codes for "List deploy keys"
Status code | Description |
---|---|
200 | OK |
Code samples for "List deploy keys"
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/keys
Response
Status: 200
[
{
"id": 1,
"key": "ssh-rsa AAA...",
"url": "https://api.github.com/repos/octocat/Hello-World/keys/1",
"title": "octocat@octomac",
"verified": true,
"created_at": "2014-12-10T15:53:42Z",
"read_only": true,
"added_by": "octocat",
"last_used": "2022-01-10T15:53:42Z",
"enabled": true
}
]
Create a deploy key
You can create a read-only deploy key.
Fine-grained access tokens for "Create a deploy key"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Administration" repository permissions (write)
Parameters for "Create a deploy key"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
owner string RequiredThe account owner of the repository. The name is not case sensitive. |
repo string RequiredThe name of the repository without the |
Name, Type, Description |
---|
title string A name for the key. |
key string RequiredThe contents of the key. |
read_only boolean If Deploy keys with write access can perform the same actions as an organization member with admin access, or a collaborator on a personal repository. For more information, see "Repository permission levels for an organization" and "Permission levels for a user account repository." |
HTTP response status codes for "Create a deploy key"
Status code | Description |
---|---|
201 | Created |
422 | Validation failed, or the endpoint has been spammed. |
Code samples for "Create a deploy key"
Request example
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/keys \
-d '{"title":"octocat@octomac","key":"ssh-rsa AAA...","read_only":true}'
Response
Status: 201
{
"id": 1,
"key": "ssh-rsa AAA...",
"url": "https://api.github.com/repos/octocat/Hello-World/keys/1",
"title": "octocat@octomac",
"verified": true,
"created_at": "2014-12-10T15:53:42Z",
"read_only": true,
"added_by": "octocat",
"last_used": "2022-01-10T15:53:42Z",
"enabled": true
}
Get a deploy key
Fine-grained access tokens for "Get a deploy key"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Administration" repository permissions (read)
Parameters for "Get a deploy key"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
owner string RequiredThe account owner of the repository. The name is not case sensitive. |
repo string RequiredThe name of the repository without the |
key_id integer RequiredThe unique identifier of the key. |
HTTP response status codes for "Get a deploy key"
Status code | Description |
---|---|
200 | OK |
404 | Resource not found |
Code samples for "Get a deploy key"
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/keys/KEY_ID
Response
Status: 200
{
"id": 1,
"key": "ssh-rsa AAA...",
"url": "https://api.github.com/repos/octocat/Hello-World/keys/1",
"title": "octocat@octomac",
"verified": true,
"created_at": "2014-12-10T15:53:42Z",
"read_only": true,
"added_by": "octocat",
"last_used": "2022-01-10T15:53:42Z",
"enabled": true
}
Delete a deploy key
Deploy keys are immutable. If you need to update a key, remove the key and create a new one instead.
Fine-grained access tokens for "Delete a deploy key"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Administration" repository permissions (write)
Parameters for "Delete a deploy key"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
owner string RequiredThe account owner of the repository. The name is not case sensitive. |
repo string RequiredThe name of the repository without the |
key_id integer RequiredThe unique identifier of the key. |
HTTP response status codes for "Delete a deploy key"
Status code | Description |
---|---|
204 | No Content |
Code samples for "Delete a deploy key"
Request example
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/keys/KEY_ID
Response
Status: 204