specs/001-add-dokploy-deploy/checklists/deployment-credentials.md

@@ -12,3 +12,16 @@ Security notes:
 - Use least-privilege tokens (read-only where possible).
 - Rotate keys periodically and document rotation steps in the runbook.
 - Do not commit secrets into repository files; store them only in Dokploy secrets or an external vault.
+
+Example: adding the provided deploy SSH public key
+
+1. Create a new secret named `REPO_DEPLOY_KEY` (type: ssh key) in the Dokploy project secrets.
+2. Paste the following public key as the value for `REPO_DEPLOY_KEY` (label recommended: `dokploy`):
+
+```
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCWNMhk+l4wY22aanXLRv0ATXwq3qwmePprMpTHxjUHakEfmefLlD0EGmSFJpMX+/owKyfyo6gJBRGtmUJtJPMIOgxb9GRhrs7vXHYhjw/RhTAfo45CGrnuqbDBp4OmDqe2Cdm7801UxzuJEbP+5Vtehg2uumKKWzWodTzMP7RjSAXEZHOh8+NhoK5LtMJzKHqw/lm0+q1evfL9LQ2POJBxgWdYYa/A7P3ZCGY4XjjdwB2Gh6hRKyy+ZQsuUximCQEAPCmRnKI0FyLXqLvlXCvyFUyKctlLvazQ7YgWLIVrVee14pQq/rr0lvagf3ODcJJF+dnWOjpPC6YzpPJV20/a2sHlr24dr50E1aNoh9OZVTayTcY7PBWkju3MaQXK3xL7OxnLs/c/juwu/6TOsqCjaUJXJcIDsniwjq2htaAqiweNfGZYp0gcE7D/O4cQShE/BMtxa2dLggcRUBA9UJptXkPS/fE2unjhxlH/c3PJqpFbSDh8WuCVVGa67ezd2FpqOd1zFbdf1tuUjEerwQvOwTGT4x1AuFiciYTd85sTWejR7CQ7IRR+Zms9QHvhYifAc3N2NP4rNh64o0nXUgON66uFrABEdHGGXIyrRJw6KTNJFrrgENEeeb0Q42fuPkMe9a8DFmqNxWzVcIEnRSsCnOM5rTJnLQzMoBjuyVp4Sw== dokploy
+```
+
+3. Ensure the Dokploy project configuration references `REPO_DEPLOY_KEY` for repository clone operations and Git LFS access.
+
+4. Optionally, add a short note in the project config: "This key is used by Dokploy to clone the `ahmido/lms` repo and fetch LFS objects."