Manage public keys
When you add a GNU Privacy Guard (GPG) or Secure Shell (SSH) public key to your Harness user profile, Harness uses it to verify that actions like signing commits actually come from you. This gives your team confidence that commits are authentic and untampered.
What will you learn in this topic?
By the end of this topic, you will know how to:
- Generate a GPG or SSH key pair on your local machine.
- Add a GPG or SSH public key to your Harness user profile.
- Delete a key from your profile when it is no longer needed.
Before you begin
Before you manage GPG and SSH public keys, ensure you have the following:
- Harness account: An active Harness account. Go to Onboarding guide to set up your account.
- GPG tools (for GPG keys): GPG command-line tools installed on your machine.
- SSH client (for SSH keys): An SSH client installed on your machine.
Generate a new GPG key
Before you upload a GPG public key to Harness, generate a GPG key pair on your local machine.
Step 1: Install GPG
Download and install the GPG command-line tools for your operating system:
- macOS:
brew install gnupg - Windows: Download Gpg4win.
- Linux: GPG is usually pre-installed. If not, use your package manager (for example,
sudo apt install gnupg).
Step 2: Generate the key pair
Open a terminal and run:
gpg --full-generate-key
When prompted, provide the following:
- Key type: Select RSA and RSA.
- Keysize: Enter
4096for maximum security. - Expiration: Press Enter for no expiration, or specify an expiration period.
- Confirm your selections.
- User ID: Enter your real name and the email address associated with your Harness account.
- Passphrase: Enter a secure passphrase.
Step 3: Find your key ID
List your GPG secret keys:
gpg --list-secret-keys --keyid-format=long
In the output, find the sec line. The key ID follows the algorithm and key size. For example, in sec rsa4096/3AA5C34371567BD2, the key ID is 3AA5C34371567BD2.
Step 4: Export the public key
Export your public key in ASCII armor format:
gpg --armor --export <YOUR_KEY_ID>
Copy the entire output, including the -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK----- lines.
Add a GPG public key to Harness
To add your GPG public key to your Harness profile:
- In Harness, select your avatar in the bottom-left corner to open your User Profile.
- Under My Public Keys, locate the GPG Keys section.
- Select + GPG Key.
- In the Add new GPG key dialog, fill in the following fields:
- Name (required): A descriptive name for the key.
- Id: An identifier for the key (auto-generated from the name, editable).
- Description (optional): A note about the key purpose.
- Tags (optional): Key-value pairs for organization.
- Public Key (required): Paste the full PGP public key block you exported earlier.
- Click Save.
Harness confirms the key and adds it to your GPG Keys list, showing the key name and fingerprint.
You can now use your GPG key to sign commits. Harness verifies the signature against this public key and marks signed commits as Verified, giving your team confidence that the commit is authentic and has not been tampered with.
Delete a GPG key
To delete a GPG key from your profile:
- Go to your User Profile and locate the GPG key under My Public Keys.
- Select More Options (⋮) on the key card.
- Click Delete.
- Confirm the deletion in the dialog.
Generate a new SSH key
Before you upload an SSH public key to Harness, generate an SSH key pair on your local machine.
Step 1: Generate the key pair
Open a terminal and run:
ssh-keygen -t ed25519 -C "your_email@example.com"
Replace your_email@example.com with the email address associated with your Harness account.
If your system does not support Ed25519, use RSA instead:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
When prompted, provide the following:
- File location: Press Enter to accept the default (
~/.ssh/id_ed25519). - Passphrase: Enter a secure passphrase (recommended) or press Enter for no passphrase.
Step 2: Start the SSH agent
eval "$(ssh-agent -s)"
Step 3: Add the key to the SSH agent
macOS:
Open or create the ~/.ssh/config file and add the following lines:
cat >> ~/.ssh/config << 'EOF'
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519
EOF
This appends the config lines to the file (and creates it if it does not exist).
Then add the key:
ssh-add --apple-use-keychain ~/.ssh/id_ed25519
Linux:
ssh-add ~/.ssh/id_ed25519
Windows (Git Bash):
ssh-add ~/.ssh/id_ed25519
Step 4: Copy the public key
macOS:
pbcopy < ~/.ssh/id_ed25519.pub
Linux:
xclip -selection clipboard < ~/.ssh/id_ed25519.pub
Windows (Git Bash):
clip < ~/.ssh/id_ed25519.pub
Alternatively, open the file and copy its contents manually:
cat ~/.ssh/id_ed25519.pub
Add an SSH public key to Harness
To add your SSH public key to your Harness profile:
- In Harness, select your avatar in the bottom-left corner to open your User Profile.
- Under My Public Keys, locate the SSH Keys section.
- Select + SSH Key.
- In the New SSH Key dialog, fill in the following fields:
- Name (required): A descriptive name for the key.
- Id: An identifier for the key (auto-generated from the name, editable).
- Description (optional): A note about the key purpose.
- Tags (optional): Key-value pairs for organization.
- Public Key (required): Paste the SSH public key you copied in Step 4.
- Click Save.
Harness confirms the key and adds it to your SSH Keys list with its fingerprint.
You can now use your SSH key to sign commits. Harness verifies the signature against this public key and marks signed commits as Verified, confirming the commit came from you and has not been altered.
Delete an SSH key
To delete an SSH key from your profile:
- Go to your User Profile and locate the SSH key under My Public Keys.
- Select More Options (⋮) on the key card.
- Click Delete.
- Confirm the deletion in the dialog.
Next steps
- Sign commits: Use your GPG or SSH keys to sign commits in Harness Code Repository.
- Two-factor authentication: Add a second verification step to your Harness login.