# How to Manage SSH Public Keys on DigitalOcean Teams When you add public SSH keys to DigitalOcean teams, you can automatically add them to new Droplets during creation. This lets you [connect to the Droplet with SSH keys](https://docs.digitalocean.com/products/droplets/how-to/connect-with-ssh/index.html.md) immediately after creation and removes the need to [manually configure SSH key authentication](https://docs.digitalocean.com/products/droplets/how-to/add-ssh-keys/to-existing-droplet/index.html.md). ## Add SSH Keys to a Team ### With the Control Panel To add an SSH public key to a team, log in to the [control panel](https://cloud.digitalocean.com) and switch to the team you want to use. In the left menu, click **Settings**, then click the **Security** tab to go to the [team security settings page](https://cloud.digitalocean.com/account/security). ![Security tab showing a list of SSH keys with their names and fingerprints.](https://docs.digitalocean.com/screenshots/teams/ssh-keys.903f80218faa4686b6bf6565b1d8ad2d67f89b22834d8577c66b2ecb1f52b9b8.png) In the **SSH Keys** section, click **Add SSH Key** to open the **New SSH key** window. Copy your public key into the **Public Key** field. It’s safe to freely share your [public SSH keys](https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys) because you cannot recreate a private key using a public key. You can only use a public key to validate the user who holds the associated private key. **Tip**: Can’t find your key pair? By default, your key files are saved to the hidden SSH folder in your [home directory](https://en.wikipedia.org/wiki/Home_directory), and your public key ends in `.pub`. - On Linux, your public key is typically `/home/your_username/.ssh/id_ed25519.pub`. - On macOS, it’s typically `/Users/your_username/.ssh/id_ed25519.pub`. - On Windows, it’s typically `/Users/your_username/.ssh/id_ed25519.pub`. If you generated your key pair with PuTTYgen, you need to [use PuTTYgen to view the public key](https://docs.digitalocean.com/products/droplets/how-to/add-ssh-keys/create-with-putty/index.html.md#working-with-putty-s-public-key-format) in the appropriate format. Enter a name in the **Key Name** field, which lets you identify this key in the DigitalOcean Control Panel. We recommend using the name of the machine you copied the public key from. Finally, click **Add SSH Key** to add the key to your team. ### With the API or CLI ## How to Add an SSH Key to Your DigitalOcean Team Using the DigitalOcean CLI 1. [Install `doctl`](https://docs.digitalocean.com/reference/doctl/how-to/install/index.html.md), the official DigitalOcean CLI. 2. [Create a personal access token](https://docs.digitalocean.com/reference/api/create-personal-access-token/index.html.md) and save it for use with `doctl`. 3. Use the token to grant `doctl` access to your DigitalOcean account. ```shell doctl auth init ``` 4. Finally, run `doctl compute ssh-key create`. Basic usage looks like this, but you can [read the usage docs](https://docs.digitalocean.com/reference/doctl/reference/compute/ssh-key/create/index.html.md) for more details: ```shell doctl compute ssh-key create [flags] ``` ## How to Add an SSH Key to Your DigitalOcean Team Using the DigitalOcean API 1. [Create a personal access token](https://docs.digitalocean.com/reference/api/create-personal-access-token/index.html.md) and save it for use with the API. 2. Send a POST request to [`https://api.digitalocean.com/v2/account/keys`](https://docs.digitalocean.com/reference/api/digitalocean//index.html.md#operation/sshKeys_create). ### cURL Using cURL: ```shell curl -X POST \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \ -d '{"name":"My SSH Public Key","public_key":"ssh-rsa AEXAMPLEaC1yc2EAAAADAQABAAAAQQDDHr/jh2Jy4yALcK4JyWbVkPRaWmhck3IgCoeOO3z1e2dBowLh64QAM+Qb72pxekALga2oi4GvT+TlWNhzPH4V example"}' \ "https://api.digitalocean.com/v2/account/keys" ``` ### Go Using [Godo](https://github.com/digitalocean/godo), the official DigitalOcean API client for Go: ```go import ( "context" "os" "github.com/digitalocean/godo" ) func main() { token := os.Getenv("DIGITALOCEAN_TOKEN") client := godo.NewFromToken(token) ctx := context.TODO() createRequest := &godo.KeyCreateRequest{ Name: "My SSH Public Key", PublicKey: "ssh-rsa AEXAMPLEaC1yc2EAAAADAQABAAAAQQDDHr/jh2Jy4yALcK4JyWbVkPRaWmhck3IgCoeOO3z1e2dBowLh64QAM+Qb72pxekALga2oi4GvT+TlWNhzPH4V example", } transfer, _, err := client.Keys.Create(ctx, createRequest) } ``` ### Ruby Using [DropletKit](https://github.com/digitalocean/droplet_kit), the official DigitalOcean API client for Ruby: ```ruby require 'droplet_kit' token = ENV['DIGITALOCEAN_TOKEN'] client = DropletKit::Client.new(access_token: token) ssh_key = DropletKit::SSHKey.new( name: 'My SSH Public Key', public_key: 'ssh-rsa AEXAMPLEaC1yc2EAAAADAQABAAAAQQDDHr/jh2Jy4yALcK4JyWbVkPRaWmhck3IgCoeOO3z1e2dBowLh64QAM+Qb72pxekALga2oi4GvT+TlWNhzPH4V example' ) client.ssh_keys.create(ssh_key) ``` ### Python Using [PyDo](https://github.com/digitalocean/pydo), the official DigitalOcean API client for Python: ```python import os from pydo import Client client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN")) req = { "public_key": "ssh-rsa AEXAMPLEaC1yc2EAAAADAQABAAAAQQDDHr/jh2Jy4yALcK4JyWbVkPRaWmhck3IgCoeOO3z1e2dBowLh64QAM+Qb72pxekALga2oi4GvT+TlWNhzPH4V example", "name": "My SSH Public Key" } resp = client.ssh_keys.create(body=req) ``` ## Remove SSH Keys from a Team with the Control Panel To remove an SSH public key from a team, log in to the [control panel](https://cloud.digitalocean.com) and switch to the team you want to use. In the left menu, click **Settings**, then click the **Security** tab to go to the [team security settings page](https://cloud.digitalocean.com/account/security). The **SSH keys** section lists any keys already added to the team. In the **…** menu next to each key in the table, you can edit the key or delete it entirely. Deleting an SSH key from a team only removes the ability to create new Droplets with that key already added. It does not remove that SSH key from any Droplet’s SSH configuration.