Change of deploy keys from RSA to Ed25519

Git deploy keys are changing from RSA to Ed25519, which requires action from clients who use external repositories.

Michael Nicholson

Cloud Solution Engineer

Last year, GitHub announced that they would be making changes to improve protocol security.

What is Divio doing?

In line with this change, Divio have upgraded the algorithm used to generate the deploy keys that are created when you link your own repository instead of using the Divio default. The new algorithm in use is Ed25519.

What do I need to do as a Divio customer?

If you use a Divio git repo, then nothing at all.

If you use a custom repo hosted on GitHub, GitLab, Bitbucket or elsewhere, then you will need to generate a new key and add the new deploy key to your repository as per the instructions.

In order to regenerate the key:

  1. Go into your application and select Repository

  2. Click on Public Key

  3. Click on Regenerate

  4. Copy this new key to the clipboard and add it to your repository as detailed in the instructions.

Notes

Although GitHub have said that keys generated prior to 15th March should continue to work, Divio recommends that you upgrade your keys as soon as it is convenient. This will both eliminate the risk that your key suddenly stops working at some point in the future, and provide greater security by way of a better algorithm.