# Dokploy Project-Level Secrets (deployment-credentials) Purpose: document how to add and manage Dokploy project-level secrets that Dokploy will use to access repositories or external resources. 1. In Dokploy, open the project settings for this repository/project. 2. Navigate to "Secrets" or "Project-level secrets". 3. Add a secret named `REPO_DEPLOY_KEY` containing a deploy key or token the Dokploy runner can use to clone the Gitea repository (recommended: SSH key or personal access token with repo read access). 4. Add any other required secrets (e.g., registry credentials) and mark them as masked. 5. In project configuration, reference the secret names so Dokploy injects them into the deploy environment. Security notes: - Use least-privilege tokens (read-only where possible). - Rotate keys periodically and document rotation steps in the runbook. - Do not commit secrets into repository files; store them only in Dokploy secrets or an external vault. Example: adding the provided deploy SSH public key 1. Create a new secret named `REPO_DEPLOY_KEY` (type: ssh key) in the Dokploy project secrets. 2. Paste the following public key as the value for `REPO_DEPLOY_KEY` (label recommended: `dokploy`): ``` ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCWNMhk+l4wY22aanXLRv0ATXwq3qwmePprMpTHxjUHakEfmefLlD0EGmSFJpMX+/owKyfyo6gJBRGtmUJtJPMIOgxb9GRhrs7vXHYhjw/RhTAfo45CGrnuqbDBp4OmDqe2Cdm7801UxzuJEbP+5Vtehg2uumKKWzWodTzMP7RjSAXEZHOh8+NhoK5LtMJzKHqw/lm0+q1evfL9LQ2POJBxgWdYYa/A7P3ZCGY4XjjdwB2Gh6hRKyy+ZQsuUximCQEAPCmRnKI0FyLXqLvlXCvyFUyKctlLvazQ7YgWLIVrVee14pQq/rr0lvagf3ODcJJF+dnWOjpPC6YzpPJV20/a2sHlr24dr50E1aNoh9OZVTayTcY7PBWkju3MaQXK3xL7OxnLs/c/juwu/6TOsqCjaUJXJcIDsniwjq2htaAqiweNfGZYp0gcE7D/O4cQShE/BMtxa2dLggcRUBA9UJptXkPS/fE2unjhxlH/c3PJqpFbSDh8WuCVVGa67ezd2FpqOd1zFbdf1tuUjEerwQvOwTGT4x1AuFiciYTd85sTWejR7CQ7IRR+Zms9QHvhYifAc3N2NP4rNh64o0nXUgON66uFrABEdHGGXIyrRJw6KTNJFrrgENEeeb0Q42fuPkMe9a8DFmqNxWzVcIEnRSsCnOM5rTJnLQzMoBjuyVp4Sw== dokploy ``` 3. Ensure the Dokploy project configuration references `REPO_DEPLOY_KEY` for repository clone operations and Git LFS access. 4. Optionally, add a short note in the project config: "This key is used by Dokploy to clone the `ahmido/lms` repo and fetch LFS objects."