Deployment

Keypair Generation

Create and install SSH keys for Kamal deploy access.

When to use this page

You need SSH access from local machine and CI to your server.
You want a dedicated deploy key.

Step 1: Generate a keypair

Run locally:

ssh-keygen -t ed25519 -C "kamal-deploy" -f ./key

This creates:

key (private key)
key.pub (public key)

Step 2: Add public key to server

You have two options:

Add key.pub in Hetzner UI during server creation (recommended).
Or copy key.pub content to server ~/.ssh/authorized_keys for user root (or deploy user).

Step 3: Add private key to GitHub Actions

In GitHub:

Open Settings -> Environments -> production.
Add secret PROD_SSH_PRIVATE_KEY.
Paste full private key content from key.

Verify

SSH works from local machine:

ssh -i ./key root@159.69.223.212

GitHub Actions can load SSH key with webfactory/ssh-agent.

Kamal Setup

Install Kamal locally and verify CLI access before deployment.

Server Setup

Minimal host preparation for Kamal and accessories.

On this page

When to use this page Step 1: Generate a keypair Step 2: Add public key to server Step 3: Add private key to GitHub Actions Verify