SSH Keys
SSH keys are stored as SSHKey resources and referenced by name in node type or Machine properties. During provisioning, the public keys are included in the user data (e.g. cloud-init) so they are configured on the Machine.
SSH keys may be used with any provider that supports user data during provisioning, including Metal3, KubeVirt, and Terraform.
Create an SSHKey​
SSH keys can be managed through the platform UI under your Profile > SSH Keys, or by creating the resource directly:
apiVersion: management.loft.sh/v1
kind: SSHKey
metadata:
name: my-ssh-key
spec:
displayName: "My SSH Key"
description: "Development access key"
publicKey: "ssh-ed25519 AAAA... user@host"
Fields​
| Field | Description |
|---|---|
spec.displayName | Human-readable name shown in the UI. |
spec.description | Optional description. |
spec.publicKey | The SSH public key content. |
spec.owner | Optional user or team that owns this resource. |
spec.access | Optional access control list. |
Use SSH keys​
Reference SSH keys by name in node type properties or Machine properties. Multiple keys can be specified as a comma-separated list:
properties:
vcluster.com/ssh-keys: my-ssh-key,team-shared-key
All referenced keys are added to the provisioned server's authorized_keys.
Access control​
SSHKey resources are cluster-scoped. Use the spec.owner and spec.access fields to control who can use or modify them:
apiVersion: management.loft.sh/v1
kind: SSHKey
metadata:
name: team-key
spec:
displayName: "Team Shared Key"
publicKey: "ssh-ed25519 AAAA... team@org"
owner:
team: platform-team
access:
- teams:
- platform-team
verbs:
- get
- update
- delete