You are viewing documentation for Flux version: 2.2
Version 2.2 of the documentation is no longer actively maintained. The site that you are currently viewing is an archived snapshot. For up-to-date documentation, see the latest version.
Flux deploy key rotation
There are several reasons you may want to rotate the deploy key:
- The token used to generate the key has expired.
- The key has been compromised.
- You want to change the scope of the key, e.g. to allow write access using the
--read-write-key
flag toflux bootstrap
.
While you can run flux bootstrap
repeatedly, be aware that the flux-system
Kubernetes Secret is never overwritten.
You need to manually rotate the key as described here.
To rotate the SSH key generated at bootstrap, first delete the secret from the cluster with:
kubectl -n flux-system delete secret flux-system
Then you have two alternatives to generate a new key:
Generate a new secret with
flux create secret git flux-system \ --url=ssh://git@<host>/<org>/<repository>
The above command will print the SSH public key, once you set it as the deploy key, Flux will resume all operations.
Run
flux bootstrap ...
again. This will generate a new key pair and, depending on which Git provider you use, print the SSH public key that you then set as deploy key or automatically set the deploy key (e.g. with GitHub).