How to Manage SSH Public Keys on DigitalOcean Teams

Validated on 9 Dec 2024 • Last edited on 9 Dec 2024 ssh

When you add public SSH keys to DigitalOcean teams, you can automatically add them to new Droplets during creation. This lets you connect to the Droplet with SSH keys immediately after creation and removes the need to manually configure SSH key authentication.

Add SSH Keys to a Team

With the Control Panel

To add an SSH public key to a team, log in to the control panel and switch to the team you want to use. In the left menu, click Settings, then click the Security tab to go to the team security settings page.

The SSH Key section of the team security page with one key listed

In the SSH Keys section, click Add SSH Key to open the New SSH key window.

Copy your public key into the Public Key field. It’s safe to freely share your public SSH keys because you cannot recreate a private key using a public key. You can only use a public key to validate the user who holds the associated private key.

Tip

Can’t find your key pair? By default, your key files are saved to the hidden SSH folder in your home directory, and your public key ends in .pub.

On Linux, your public key is typically /home/your_username/.ssh/id_rsa.pub.
On macOS, it’s typically /Users/your_username/.ssh/id_rsa.pub.
On Windows, it’s typically /Users/your_username/.ssh/id_rsa.pub. If you generated your key pair with PuTTYgen, you need to use PuTTYgen to view the public key in the appropriate format.

Enter a name in the Key Name field, which lets you identify this key in the DigitalOcean Control Panel. We recommend using the name of the machine you copied the public key from.

Finally, click Add SSH Key to add the key to your team.

With the API or CLI

How to Add an SSH Key to Your DigitalOcean Team Using the DigitalOcean CLI

Install doctl, the DigitalOcean command-line tool.
Create a personal access token and save it for use with doctl.
Use the token to grant doctl access to your DigitalOcean account.
```
          doctl auth init
          
```
Finally, run doctl compute ssh-key create. Basic usage looks like this, but you can read the usage docs for more details:
```
            doctl compute ssh-key create <key-name> [flags]
          
```

How to Add an SSH Key to Your DigitalOcean Team Using the DigitalOcean API

Create a personal access token and save it for use with the API.

Send a POST request to https://api.digitalocean.com/v2/account/keys

cURL

Using cURL:

                curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
  -d '{"name":"My SSH Public Key","public_key":"ssh-rsa AEXAMPLEaC1yc2EAAAADAQABAAAAQQDDHr/jh2Jy4yALcK4JyWbVkPRaWmhck3IgCoeOO3z1e2dBowLh64QAM+Qb72pxekALga2oi4GvT+TlWNhzPH4V example"}' \
  "https://api.digitalocean.com/v2/account/keys"

Go

Using Godo, the official DigitalOcean V2 API client for Go:

                import (
    "context"
    "os"

    "github.com/digitalocean/godo"
)

func main() {
    token := os.Getenv("DIGITALOCEAN_TOKEN")

    client := godo.NewFromToken(token)
    ctx := context.TODO()

    createRequest := &godo.KeyCreateRequest{
        Name:      "My SSH Public Key",
        PublicKey: "ssh-rsa AEXAMPLEaC1yc2EAAAADAQABAAAAQQDDHr/jh2Jy4yALcK4JyWbVkPRaWmhck3IgCoeOO3z1e2dBowLh64QAM+Qb72pxekALga2oi4GvT+TlWNhzPH4V example",
    }

    transfer, _, err := client.Keys.Create(ctx, createRequest)
}

Ruby

Using DropletKit, the official DigitalOcean V2 API client for Ruby:

                require 'droplet_kit'
token = ENV['DIGITALOCEAN_TOKEN']
client = DropletKit::Client.new(access_token: token)

ssh_key = DropletKit::SSHKey.new(
  name: 'My SSH Public Key',
  public_key: 'ssh-rsa AEXAMPLEaC1yc2EAAAADAQABAAAAQQDDHr/jh2Jy4yALcK4JyWbVkPRaWmhck3IgCoeOO3z1e2dBowLh64QAM+Qb72pxekALga2oi4GvT+TlWNhzPH4V example'
)
client.ssh_keys.create(ssh_key)

Python

                import os
from pydo import Client

client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))

req = {
  "public_key": "ssh-rsa AEXAMPLEaC1yc2EAAAADAQABAAAAQQDDHr/jh2Jy4yALcK4JyWbVkPRaWmhck3IgCoeOO3z1e2dBowLh64QAM+Qb72pxekALga2oi4GvT+TlWNhzPH4V example",
  "name": "My SSH Public Key"
}

resp = client.ssh_keys.create(body=req)

Remove SSH Keys from a Team with the Control Panel

To remove an SSH public key from a team, log in to the control panel and switch to the team you want to use.

In the left menu, click Settings, then click the Security tab to go to the team security settings page. The SSH keys section lists any keys already added to the team.

In the … menu next to each key in the table, you can edit the key or delete it entirely. Deleting an SSH key from a team only removes the ability to create new Droplets with that key already added. It does not remove that SSH key from any Droplet’s SSH configuration.